From e9c93305b97026db8c04f14cf9e611ffddb92840 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Thu, 9 May 2024 12:29:50 -0700 Subject: [PATCH 01/13] prepare-webhook-on-kind.sh specifies type and name --- hack/prepare-webhook-on-kind.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hack/prepare-webhook-on-kind.sh b/hack/prepare-webhook-on-kind.sh index 7f67e3aca..ccd3cd215 100755 --- a/hack/prepare-webhook-on-kind.sh +++ b/hack/prepare-webhook-on-kind.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2021 the Pinniped contributors. All Rights Reserved. +# Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # @@ -32,6 +32,9 @@ EOF # Use the CLI to get a kubeconfig that will use this WebhookAuthenticator. go build -o /tmp/pinniped ./cmd/pinniped -/tmp/pinniped get kubeconfig --static-token "$PINNIPED_TEST_USER_TOKEN" >/tmp/kubeconfig-with-webhook-auth.yaml +/tmp/pinniped get kubeconfig \ + --concierge-authenticator-type webhook \ + --concierge-authenticator-name my-webhook \ + --static-token "$PINNIPED_TEST_USER_TOKEN" >/tmp/kubeconfig-with-webhook-auth.yaml echo "export KUBECONFIG=/tmp/kubeconfig-with-webhook-auth.yaml" From dba0de88f3b4fea2c25eb2ac9015816b057ae196 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 10 May 2024 09:17:22 -0500 Subject: [PATCH 02/13] Bump generated 1.30 toolchains to go1.22.3 --- generated/1.30/apis/go.mod | 2 +- generated/1.30/client/go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generated/1.30/apis/go.mod b/generated/1.30/apis/go.mod index 4c30ef8dd..83b94a46c 100644 --- a/generated/1.30/apis/go.mod +++ b/generated/1.30/apis/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.30/apis go 1.22.0 -toolchain go1.22.2 +toolchain go1.22.3 require ( k8s.io/api v0.30.0 diff --git a/generated/1.30/client/go.mod b/generated/1.30/client/go.mod index 7c116687d..5b7c50a2e 100644 --- a/generated/1.30/client/go.mod +++ b/generated/1.30/client/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.30/client go 1.22.0 -toolchain go1.22.2 +toolchain go1.22.3 replace go.pinniped.dev/generated/1.30/apis => ../apis From c31a0e37bf866797d203fdbcdc2d8cf75924ed25 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 7 May 2024 13:21:47 -0500 Subject: [PATCH 03/13] Add module command lint_with_docker to run lint within docker with a pinned golangci-lint version --- hack/install-linter.sh | 8 ++++++-- hack/lib/lint-version.txt | 1 + hack/module.sh | 21 +++++++++++++++------ 3 files changed, 22 insertions(+), 8 deletions(-) create mode 100644 hack/lib/lint-version.txt diff --git a/hack/install-linter.sh b/hack/install-linter.sh index 042b23811..1c942acdf 100755 --- a/hack/install-linter.sh +++ b/hack/install-linter.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. +# Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 set -euo pipefail @@ -11,11 +11,15 @@ cd "${ROOT}" # Print the Go version. go version +lint_version=$(cat hack/lib/lint-version.txt) + +echo "Will install golangci-lint@${lint_version}" + # Install the same version of the linter that is used in the CI pipelines # so you can get the same results when running the linter locally. # Whenever the linter is updated in the CI pipelines, it should also be # updated here to make local development more convenient. -go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.1 +go install -v "github.com/golangci/golangci-lint/cmd/golangci-lint@${lint_version}" golangci-lint --version echo "Finished. You may need to run 'rehash' in your current shell before using the new version (e.g. if you are using gvm)." diff --git a/hack/lib/lint-version.txt b/hack/lib/lint-version.txt new file mode 100644 index 000000000..1c55d0483 --- /dev/null +++ b/hack/lib/lint-version.txt @@ -0,0 +1 @@ +v1.58.1 diff --git a/hack/module.sh b/hack/module.sh index 3cd2754a3..d4843f567 100755 --- a/hack/module.sh +++ b/hack/module.sh @@ -12,10 +12,6 @@ function tidy_cmd() { echo "go mod tidy -v -go=${version} -compat=${version}" } -function lint_cmd() { - echo "golangci-lint run --modules-download-mode=readonly --timeout=30m" -} - function test_cmd() { echo "go test -count 1 -race ./..." } @@ -61,8 +57,21 @@ function main() { ;; 'lint' | 'linter' | 'linters') golangci-lint --version - echo - with_modules 'lint_cmd' + go version + golangci-lint run --modules-download-mode=readonly --timeout=30m + ;; + 'lint_in_docker') + local lint_version + lint_version="${2:-latest}" + docker run --rm \ + --volume "${ROOT/..}":/pinniped \ + --volume "$(go env GOCACHE):/gocache" \ + --volume "$(go env GOMODCACHE):/gomodcache" \ + --env GOCACHE=/gocache \ + --env GOMODCACHE=/gomodcache \ + --workdir /pinniped \ + golangci/golangci-lint:$lint_version \ + ./hack/module.sh lint ;; 'test' | 'tests') with_modules 'test_cmd' From 67d3b5fb8232a62c41945dcb312404bba1cc9abd Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 7 May 2024 14:10:34 -0500 Subject: [PATCH 04/13] Fix misspell lint issues --- internal/registry/clientsecretrequest/rest.go | 2 +- internal/registry/credentialrequest/rest.go | 2 +- internal/registry/whoamirequest/rest.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/registry/clientsecretrequest/rest.go b/internal/registry/clientsecretrequest/rest.go index 2382aaec3..ffa66c973 100644 --- a/internal/registry/clientsecretrequest/rest.go +++ b/internal/registry/clientsecretrequest/rest.go @@ -72,7 +72,7 @@ type REST struct { // Assert that our *REST implements all the optional interfaces that we expect it to implement. var _ interface { - rest.Creater + rest.Creater //nolint:misspell // this name comes from a dependency rest.NamespaceScopedStrategy rest.Scoper rest.Storage diff --git a/internal/registry/credentialrequest/rest.go b/internal/registry/credentialrequest/rest.go index 29153db6f..477cdde68 100644 --- a/internal/registry/credentialrequest/rest.go +++ b/internal/registry/credentialrequest/rest.go @@ -47,7 +47,7 @@ type REST struct { // Assert that our *REST implements all the optional interfaces that we expect it to implement. var _ interface { - rest.Creater + rest.Creater //nolint:misspell // this name comes from a dependency rest.NamespaceScopedStrategy rest.Scoper rest.Storage diff --git a/internal/registry/whoamirequest/rest.go b/internal/registry/whoamirequest/rest.go index edf15b2f7..c7bb1684c 100644 --- a/internal/registry/whoamirequest/rest.go +++ b/internal/registry/whoamirequest/rest.go @@ -33,7 +33,7 @@ type REST struct { // Assert that our *REST implements all the optional interfaces that we expect it to implement. var _ interface { - rest.Creater + rest.Creater //nolint:misspell // this name comes from a dependency rest.NamespaceScopedStrategy rest.Scoper rest.Storage From e04e5e01854a89db92f6e8257e8754e139bcba9e Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 7 May 2024 22:34:32 -0500 Subject: [PATCH 05/13] Fix revive linter issues for all production code, and exclude revive linter issues for test code --- .golangci.yaml | 4 ++++ cmd/pinniped/cmd/kubeconfig.go | 4 ++-- cmd/pinniped/cmd/login_oidc.go | 2 +- cmd/pinniped/cmd/login_static.go | 2 +- ...issionpluginconfg.go => admissionpluginconfig.go} | 0 ...inconfg_test.go => admissionpluginconfig_test.go} | 0 internal/concierge/apiserver/apiserver.go | 6 +++--- internal/concierge/server/server.go | 2 +- .../supervisorconfig/generator/secret_helper.go | 4 ++-- .../supervisorstorage/garbage_collector.go | 2 +- internal/controller/utils.go | 10 +++++----- internal/controllerlib/filter.go | 4 ++-- internal/federationdomain/oidc/oidc.go | 12 ++++++------ internal/supervisor/apiserver/apiserver.go | 4 ++-- internal/supervisor/server/server.go | 4 ++-- internal/upstreamldap/upstreamldap.go | 4 ++-- pkg/oidcclient/login.go | 2 +- test/testlib/assertions.go | 8 ++++---- 18 files changed, 39 insertions(+), 35 deletions(-) rename internal/admissionpluginconfig/{admissionpluginconfg.go => admissionpluginconfig.go} (100%) rename internal/admissionpluginconfig/{admissionpluginconfg_test.go => admissionpluginconfig_test.go} (100%) diff --git a/.golangci.yaml b/.golangci.yaml index 1caff55d6..2c872f55e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -53,6 +53,10 @@ issues: linters: - funlen - gochecknoglobals + - revive + - path: internal/testutil/ + linters: + - revive linters-settings: funlen: diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go index 1674c1bd8..0265fab9f 100644 --- a/cmd/pinniped/cmd/kubeconfig.go +++ b/cmd/pinniped/cmd/kubeconfig.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -163,7 +163,7 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command { mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore") - cmd.RunE = func(cmd *cobra.Command, args []string) error { + cmd.RunE = func(cmd *cobra.Command, _args []string) error { if flags.outputPath != "" { out, err := os.Create(flags.outputPath) if err != nil { diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 5bfc50db2..3efa88130 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -147,7 +147,7 @@ func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command { mustMarkHidden(cmd, "skip-listen") mustMarkHidden(cmd, "debug-session-cache") mustMarkRequired(cmd, "issuer") - cmd.RunE = func(cmd *cobra.Command, args []string) error { return runOIDCLogin(cmd, deps, flags) } + cmd.RunE = func(cmd *cobra.Command, _args []string) error { return runOIDCLogin(cmd, deps, flags) } mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore") mustMarkHidden(cmd, "concierge-namespace") diff --git a/cmd/pinniped/cmd/login_static.go b/cmd/pinniped/cmd/login_static.go index 283b4a0fa..9f82a3f12 100644 --- a/cmd/pinniped/cmd/login_static.go +++ b/cmd/pinniped/cmd/login_static.go @@ -86,7 +86,7 @@ func staticLoginCommand(deps staticLoginDeps) *cobra.Command { cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", groupsuffix.PinnipedDefaultSuffix, "Concierge API group suffix") cmd.Flags().StringVar(&flags.credentialCachePath, "credential-cache", filepath.Join(mustGetConfigDir(), "credentials.yaml"), "Path to cluster-specific credentials cache (\"\" disables the cache)") - cmd.RunE = func(cmd *cobra.Command, args []string) error { return runStaticLogin(cmd, deps, flags) } + cmd.RunE = func(cmd *cobra.Command, _args []string) error { return runStaticLogin(cmd, deps, flags) } mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore") mustMarkHidden(cmd, "concierge-namespace") diff --git a/internal/admissionpluginconfig/admissionpluginconfg.go b/internal/admissionpluginconfig/admissionpluginconfig.go similarity index 100% rename from internal/admissionpluginconfig/admissionpluginconfg.go rename to internal/admissionpluginconfig/admissionpluginconfig.go diff --git a/internal/admissionpluginconfig/admissionpluginconfg_test.go b/internal/admissionpluginconfig/admissionpluginconfig_test.go similarity index 100% rename from internal/admissionpluginconfig/admissionpluginconfg_test.go rename to internal/admissionpluginconfig/admissionpluginconfig_test.go diff --git a/internal/concierge/apiserver/apiserver.go b/internal/concierge/apiserver/apiserver.go index 37aafff74..a43c82261 100644 --- a/internal/concierge/apiserver/apiserver.go +++ b/internal/concierge/apiserver/apiserver.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apiserver @@ -113,7 +113,7 @@ func (c completedConfig) New() (*PinnipedServer, error) { controllersCtx, cancelControllerCtx := context.WithCancel(context.Background()) s.GenericAPIServer.AddPostStartHookOrDie("start-controllers", - func(postStartContext genericapiserver.PostStartHookContext) error { + func(_ genericapiserver.PostStartHookContext) error { plog.Debug("start-controllers post start hook starting") defer plog.Debug("start-controllers post start hook completed") @@ -137,7 +137,7 @@ func (c completedConfig) New() (*PinnipedServer, error) { ) s.GenericAPIServer.AddPostStartHookOrDie("fetch-impersonation-proxy-tokens", - func(postStartContext genericapiserver.PostStartHookContext) error { + func(_ genericapiserver.PostStartHookContext) error { plog.Debug("fetch-impersonation-proxy-tokens start hook starting") defer plog.Debug("fetch-impersonation-proxy-tokens start hook completed") diff --git a/internal/concierge/server/server.go b/internal/concierge/server/server.go index 2f64775c3..728acb353 100644 --- a/internal/concierge/server/server.go +++ b/internal/concierge/server/server.go @@ -73,7 +73,7 @@ func (a *App) addServerCommand(ctx context.Context, args []string, stdout, stder pinniped-concierge provides a generic API for mapping an external credential from somewhere to an internal credential to be used for authenticating to the Kubernetes API.`), - RunE: func(cmd *cobra.Command, args []string) error { return a.runServer(ctx) }, + RunE: func(_ *cobra.Command, _args []string) error { return a.runServer(ctx) }, Args: cobra.NoArgs, } diff --git a/internal/controller/supervisorconfig/generator/secret_helper.go b/internal/controller/supervisorconfig/generator/secret_helper.go index 9ae700c9e..3b5a32d86 100644 --- a/internal/controller/supervisorconfig/generator/secret_helper.go +++ b/internal/controller/supervisorconfig/generator/secret_helper.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package generator @@ -60,7 +60,7 @@ const ( SecretUsageStateEncryptionKey ) -// New returns a SecretHelper that has been parameterized with common symmetric secret generation +// NewSymmetricSecretHelper returns a SecretHelper that has been parameterized with common symmetric secret generation // knobs. func NewSymmetricSecretHelper( namePrefix string, diff --git a/internal/controller/supervisorstorage/garbage_collector.go b/internal/controller/supervisorstorage/garbage_collector.go index 2bab1bcd2..bd791f8ba 100644 --- a/internal/controller/supervisorstorage/garbage_collector.go +++ b/internal/controller/supervisorstorage/garbage_collector.go @@ -79,7 +79,7 @@ func GarbageCollectorController( UpdateFunc: func(oldObj, newObj metav1.Object) bool { return isSecretWithGCAnnotation(oldObj) || isSecretWithGCAnnotation(newObj) }, - DeleteFunc: func(obj metav1.Object) bool { return false }, // ignore all deletes + DeleteFunc: func(_ metav1.Object) bool { return false }, // ignore all deletes ParentFunc: pinnipedcontroller.SingletonQueue(), }, controllerlib.InformerOption{}, diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 1b938e83b..f63fa3dae 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package controller @@ -21,16 +21,16 @@ func NameAndNamespaceExactMatchFilterFactory(name, namespace string) controllerl // MatchAnythingIgnoringUpdatesFilter returns a controllerlib.Filter that allows all objects but ignores updates. func MatchAnythingIgnoringUpdatesFilter(parentFunc controllerlib.ParentFunc) controllerlib.Filter { return controllerlib.FilterFuncs{ - AddFunc: func(object metav1.Object) bool { return true }, - UpdateFunc: func(oldObj, newObj metav1.Object) bool { return false }, - DeleteFunc: func(object metav1.Object) bool { return true }, + AddFunc: func(_ metav1.Object) bool { return true }, + UpdateFunc: func(_oldObj, _newObj metav1.Object) bool { return false }, + DeleteFunc: func(_ metav1.Object) bool { return true }, ParentFunc: parentFunc, } } // MatchAnythingFilter returns a controllerlib.Filter that allows all objects. func MatchAnythingFilter(parentFunc controllerlib.ParentFunc) controllerlib.Filter { - return SimpleFilter(func(object metav1.Object) bool { return true }, parentFunc) + return SimpleFilter(func(_ metav1.Object) bool { return true }, parentFunc) } // SimpleFilter takes a single boolean match function on a metav1.Object and wraps it into a proper controllerlib.Filter. diff --git a/internal/controllerlib/filter.go b/internal/controllerlib/filter.go index aeda6d4d2..3e9a8ec1d 100644 --- a/internal/controllerlib/filter.go +++ b/internal/controllerlib/filter.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package controllerlib @@ -66,7 +66,7 @@ func FilterByNames(parentFunc ParentFunc, names ...string) Filter { return FilterFuncs{ ParentFunc: parentFunc, AddFunc: has, - UpdateFunc: func(oldObj, newObj metav1.Object) bool { + UpdateFunc: func(_oldObj, newObj metav1.Object) bool { return has(newObj) }, DeleteFunc: has, diff --git a/internal/federationdomain/oidc/oidc.go b/internal/federationdomain/oidc/oidc.go index ba839ca7c..2e07a65f6 100644 --- a/internal/federationdomain/oidc/oidc.go +++ b/internal/federationdomain/oidc/oidc.go @@ -173,7 +173,7 @@ func DefaultOIDCTimeoutsConfiguration() timeouts.Configuration { AuthorizeCodeLifespan: authorizationCodeLifespan, AccessTokenLifespan: accessTokenLifespan, - OverrideDefaultAccessTokenLifespan: func(accessRequest fosite.AccessRequester) (time.Duration, bool) { + OverrideDefaultAccessTokenLifespan: func(_ fosite.AccessRequester) (time.Duration, bool) { // Not currently overriding the defaults. return 0, false }, @@ -202,23 +202,23 @@ func DefaultOIDCTimeoutsConfiguration() timeouts.Configuration { RefreshTokenLifespan: refreshTokenLifespan, - AuthorizationCodeSessionStorageLifetime: func(requester fosite.Requester) time.Duration { + AuthorizationCodeSessionStorageLifetime: func(_ fosite.Requester) time.Duration { return authorizationCodeLifespan + refreshTokenLifespan }, - PKCESessionStorageLifetime: func(_requester fosite.Requester) time.Duration { + PKCESessionStorageLifetime: func(_ fosite.Requester) time.Duration { return authorizationCodeLifespan + storageExtraLifetime }, - OIDCSessionStorageLifetime: func(_requester fosite.Requester) time.Duration { + OIDCSessionStorageLifetime: func(_ fosite.Requester) time.Duration { return authorizationCodeLifespan + storageExtraLifetime }, - AccessTokenSessionStorageLifetime: func(requester fosite.Requester) time.Duration { + AccessTokenSessionStorageLifetime: func(_ fosite.Requester) time.Duration { return refreshTokenLifespan + accessTokenLifespan }, - RefreshTokenSessionStorageLifetime: func(requester fosite.Requester) time.Duration { + RefreshTokenSessionStorageLifetime: func(_ fosite.Requester) time.Duration { return refreshTokenLifespan + accessTokenLifespan }, } diff --git a/internal/supervisor/apiserver/apiserver.go b/internal/supervisor/apiserver/apiserver.go index 6fd040be7..703e61fb4 100644 --- a/internal/supervisor/apiserver/apiserver.go +++ b/internal/supervisor/apiserver/apiserver.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apiserver @@ -117,7 +117,7 @@ func (c completedConfig) New() (*PinnipedServer, error) { controllersCtx, cancelControllerCtx := context.WithCancel(context.Background()) s.GenericAPIServer.AddPostStartHookOrDie("start-controllers", - func(postStartContext genericapiserver.PostStartHookContext) error { + func(_ genericapiserver.PostStartHookContext) error { plog.Debug("start-controllers post start hook starting") defer plog.Debug("start-controllers post start hook completed") diff --git a/internal/supervisor/server/server.go b/internal/supervisor/server/server.go index 99709d57d..7f3925c11 100644 --- a/internal/supervisor/server/server.go +++ b/internal/supervisor/server/server.go @@ -441,8 +441,8 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis // Serve the /healthz endpoint and make all other paths result in 404. healthMux := http.NewServeMux() - healthMux.Handle("/healthz", http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) { - _, _ = writer.Write([]byte("ok")) + healthMux.Handle("/healthz", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { + _, _ = w.Write([]byte("ok")) })) dynamicServingCertProvider := dynamiccert.NewServingCert("supervisor-serving-cert") diff --git a/internal/upstreamldap/upstreamldap.go b/internal/upstreamldap/upstreamldap.go index b49333608..7735b231b 100644 --- a/internal/upstreamldap/upstreamldap.go +++ b/internal/upstreamldap/upstreamldap.go @@ -414,12 +414,12 @@ func (p *Provider) TestConnection(ctx context.Context) error { return nil } -// DryRunAuthenticateUser provides a method for testing all of the Provider settings in a kind of dry run of +// DryRunAuthenticateUser provides a method for testing all the Provider settings in a kind of dry run of // authentication for a given end user's username. It runs the same logic as AuthenticateUser except it does // not bind as that user, so it does not test their password. It returns the same values that a real call to // AuthenticateUser with the correct password would return. func (p *Provider) DryRunAuthenticateUser(ctx context.Context, username string) (*authenticators.Response, bool, error) { - endUserBindFunc := func(conn Conn, foundUserDN string) error { + endUserBindFunc := func(_ Conn, _foundUserDN string) error { // Act as if the end user bind always succeeds. return nil } diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index ad0e8e532..d82849c2a 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go @@ -477,7 +477,7 @@ func (h *handlerState) cliBasedAuth(authorizeOptions *[]oauth2.AuthCodeOption) ( // Don't follow redirects automatically because we want to handle redirects here. var sawRedirect bool - h.httpClient.CheckRedirect = func(req *http.Request, via []*http.Request) error { + h.httpClient.CheckRedirect = func(_ *http.Request, _via []*http.Request) error { sawRedirect = true return http.ErrUseLastResponse } diff --git a/test/testlib/assertions.go b/test/testlib/assertions.go index 1178ed0e5..21acf56b7 100644 --- a/test/testlib/assertions.go +++ b/test/testlib/assertions.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package testlib @@ -87,7 +87,7 @@ func RequireEventually( ) // Run the check until it completes with no assertion failures. - waitErr := wait.PollUntilContextTimeout(context.Background(), tick, waitFor, true, func(ctx context.Context) (bool, error) { + waitErr := wait.PollUntilContextTimeout(context.Background(), tick, waitFor, true, func(_ context.Context) (bool, error) { t.Helper() attempts++ @@ -134,7 +134,7 @@ func RequireEventuallyWithoutError( t.Helper() // This previously used wait.PollImmediate (now deprecated), which did not take a ctx arg in the func. // Hide this detail from the callers for now to keep the old signature. - fWithCtx := func(ctx context.Context) (bool, error) { return f() } + fWithCtx := func(_ context.Context) (bool, error) { return f() } require.NoError(t, wait.PollUntilContextTimeout(context.Background(), tick, waitFor, true, fWithCtx), msgAndArgs...) } @@ -151,7 +151,7 @@ func RequireNeverWithoutError( t.Helper() // This previously used wait.PollImmediate (now deprecated), which did not take a ctx arg in the func. // Hide this detail from the callers for now to keep the old signature. - fWithCtx := func(ctx context.Context) (bool, error) { return f() } + fWithCtx := func(_ context.Context) (bool, error) { return f() } err := wait.PollUntilContextTimeout(context.Background(), tick, waitFor, true, fWithCtx) if err != nil && !wait.Interrupted(err) { require.NoError(t, err, msgAndArgs...) // this will fail and throw the right error message From 7b36c8ab54265fdb8cf25b3c3f2fb789d6068047 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 8 May 2024 10:41:55 -0500 Subject: [PATCH 06/13] Enable 'copyloopvar' linter --- .golangci.yaml | 1 + .../main_test.go | 3 +-- cmd/pinniped-server/main_test.go | 3 +-- cmd/pinniped/cmd/kubeconfig_test.go | 1 - cmd/pinniped/cmd/login_oidc_test.go | 1 - cmd/pinniped/cmd/login_static_test.go | 1 - cmd/pinniped/cmd/version_test.go | 3 +-- cmd/pinniped/cmd/whoami_test.go | 6 ++---- .../admissionpluginconfig_test.go | 1 - internal/backoff/infinitebackoff_test.go | 3 +-- internal/backoff/stepping_test.go | 3 +-- internal/celtransformer/celformer_test.go | 1 - internal/certauthority/certauthority_test.go | 5 +---- .../dynamiccertauthority_test.go | 3 +-- .../concierge/impersonator/impersonator_test.go | 3 --- .../concierge/impersonator/roundtripper_test.go | 3 +-- internal/concierge/scheme/scheme_test.go | 3 +-- internal/concierge/server/server_test.go | 3 +-- internal/config/concierge/config_test.go | 1 - internal/config/supervisor/config_test.go | 1 - .../controller/apicerts/certs_expirer_test.go | 12 +++++------- .../apicerts/update_api_service_test.go | 3 +-- .../cachecleaner/cachecleaner_test.go | 1 - .../jwtcachefiller/jwtcachefiller_test.go | 2 -- .../webhookcachefiller/webhookcachefiller_test.go | 2 -- .../controller/issuerconfig/issuerconfig_test.go | 5 ++--- .../controller/kubecertagent/kubecertagent.go | 1 - .../kubecertagent/kubecertagent_test.go | 6 ++---- .../kubecertagent/legacypodcleaner_test.go | 3 +-- ...rvice_account_token_cleanup_controller_test.go | 3 +-- .../active_directory_upstream_watcher_test.go | 3 --- .../federation_domain_watcher_test.go | 2 -- .../generator/federation_domain_secrets_test.go | 13 +++++-------- .../generator/secret_helper_test.go | 4 +--- .../generator/supervisor_secrets_test.go | 4 +--- .../supervisorconfig/jwks_writer_test.go | 15 ++++++--------- .../ldap_upstream_watcher_test.go | 3 --- .../oidcclientwatcher/oidc_client_watcher_test.go | 3 +-- .../oidc_upstream_watcher_test.go | 2 -- internal/controllerinit/controllerinit.go | 4 +--- .../examplecontroller/controller/creating_test.go | 4 +--- internal/crud/crud_test.go | 2 -- internal/crypto/ptls/ptls.go | 1 - internal/crypto/ptls/ptls_test.go | 1 - internal/deploymentref/deploymentref_test.go | 3 +-- internal/downward/downward_test.go | 4 +--- internal/dynamiccert/provider_test.go | 3 +-- internal/endpointaddr/endpointaddr_test.go | 2 -- internal/execcredcache/cachefile_test.go | 3 +-- internal/execcredcache/execcredcache_test.go | 4 +--- .../clientregistry/clientregistry_test.go | 2 -- .../downstreamsubject/downstream_subject_test.go | 2 -- .../federationdomain/dynamiccodec/codec_test.go | 3 +-- .../endpoints/auth/auth_handler_test.go | 1 - .../endpoints/callback/callback_handler_test.go | 2 -- .../chooseidp/choose_idp_handler_test.go | 1 - .../endpoints/discovery/discovery_handler_test.go | 3 +-- .../idpdiscovery/idp_discovery_handler_test.go | 1 - .../endpoints/jwks/jwks_handler_test.go | 3 +-- .../endpoints/token/token_handler_test.go | 5 ----- ...omain_identity_providers_lister_finder_test.go | 5 ----- .../federation_domain_issuer_test.go | 3 +-- .../idtokenlifespan/idtoken_lifespan_test.go | 1 - internal/federationdomain/oidc/oidc_test.go | 1 - .../resolvedoidc/resolved_oidc_provider_test.go | 1 - .../strategy/dynamic_oauth2_hmac_strategy_test.go | 5 +---- ...dynamic_open_id_connect_ecdsa_strategy_test.go | 1 - .../fositestorage/accesstoken/accesstoken_test.go | 1 - .../authorizationcode/authorizationcode_test.go | 1 - .../refreshtoken/refreshtoken_test.go | 1 - internal/groupsuffix/groupsuffix.go | 3 +-- internal/groupsuffix/groupsuffix_test.go | 6 +----- .../securityheader/securityheader_test.go | 3 +-- .../idtransform/identity_transformations_test.go | 3 +-- internal/kubeclient/gvk_test.go | 3 +-- internal/kubeclient/kubeclient_test.go | 2 -- internal/kubeclient/middleware.go | 5 +---- internal/kubeclient/middleware_test.go | 3 +-- internal/kubeclient/path_test.go | 4 +--- internal/kubeclient/roundtrip.go | 3 +-- internal/kubeclient/scheme_test.go | 3 +-- internal/kubeclient/verb_test.go | 3 +-- internal/leaderelection/leaderelection_test.go | 3 +-- .../localuserauthenticator_test.go | 3 +-- internal/net/phttp/debug_test.go | 3 +-- internal/net/phttp/phttp_test.go | 2 -- internal/net/phttp/warning_test.go | 3 +-- .../oidcclientsecretstorage_test.go | 6 +----- internal/ownerref/ownerref_test.go | 4 +--- internal/plog/config_test.go | 1 - internal/plog/plog.go | 3 +-- internal/plog/plog_test.go | 1 - .../registry/clientsecretrequest/rest_test.go | 2 -- internal/registry/whoamirequest/rest_test.go | 3 +-- internal/supervisor/scheme/scheme_test.go | 3 +-- internal/tokenclient/tokenclient_test.go | 5 +---- internal/upstreamldap/upstreamldap_test.go | 1 - internal/upstreamoidc/upstreamoidc_test.go | 10 +++------- .../valuelesscontext/valuelesscontext_test.go | 3 +-- pkg/conciergeclient/conciergeclient_test.go | 1 - pkg/oidcclient/filesession/cachefile_test.go | 3 +-- pkg/oidcclient/filesession/filesession_test.go | 4 +--- pkg/oidcclient/login_test.go | 3 --- test/integration/cli_test.go | 2 -- .../concierge_api_serving_certs_test.go | 1 - .../concierge_credentialrequest_test.go | 2 -- .../concierge_impersonation_proxy_test.go | 3 --- test/integration/kube_api_discovery_test.go | 3 +-- test/integration/leaderelection_test.go | 5 ----- test/integration/main_test.go | 7 +------ test/integration/securetls_test.go | 1 - test/integration/supervisor_discovery_test.go | 3 +-- test/integration/supervisor_oidc_client_test.go | 3 --- .../supervisor_oidcclientsecret_test.go | 6 +----- test/integration/supervisor_secrets_test.go | 3 +-- 115 files changed, 83 insertions(+), 274 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 2c872f55e..07dfef586 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -45,6 +45,7 @@ linters: - sqlclosecheck - unconvert - whitespace + - copyloopvar issues: exclude-rules: diff --git a/cmd/pinniped-concierge-kube-cert-agent/main_test.go b/cmd/pinniped-concierge-kube-cert-agent/main_test.go index f6d6d8546..ee8fe3732 100644 --- a/cmd/pinniped-concierge-kube-cert-agent/main_test.go +++ b/cmd/pinniped-concierge-kube-cert-agent/main_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package main @@ -90,7 +90,6 @@ func TestEntrypoint(t *testing.T) { }`, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { var logBuf bytes.Buffer testLog := log.New(&logBuf, "", 0) diff --git a/cmd/pinniped-server/main_test.go b/cmd/pinniped-server/main_test.go index e262afe31..ee9fe2f96 100644 --- a/cmd/pinniped-server/main_test.go +++ b/cmd/pinniped-server/main_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package main @@ -38,7 +38,6 @@ func TestEntrypoint(t *testing.T) { wantArgs: []string{"/path/to/valid-test-binary", "foo", "bar"}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { var logBuf bytes.Buffer testLog := log.New(&logBuf, "", 0) diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go index 1af712dcf..50acdf919 100644 --- a/cmd/pinniped/cmd/kubeconfig_test.go +++ b/cmd/pinniped/cmd/kubeconfig_test.go @@ -3197,7 +3197,6 @@ func TestGetKubeconfig(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var issuerEndpointPtr *string testServer, testServerCA := tlsserver.TestServerIPv4(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { diff --git a/cmd/pinniped/cmd/login_oidc_test.go b/cmd/pinniped/cmd/login_oidc_test.go index 42b84f9fa..581660210 100644 --- a/cmd/pinniped/cmd/login_oidc_test.go +++ b/cmd/pinniped/cmd/login_oidc_test.go @@ -539,7 +539,6 @@ func TestLoginOIDCCommand(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var buf bytes.Buffer ctx := plog.AddZapOverridesToContext(context.Background(), t, &buf, nil, clocktesting.NewFakeClock(now)) diff --git a/cmd/pinniped/cmd/login_static_test.go b/cmd/pinniped/cmd/login_static_test.go index 19511edfc..e70a8afb7 100644 --- a/cmd/pinniped/cmd/login_static_test.go +++ b/cmd/pinniped/cmd/login_static_test.go @@ -175,7 +175,6 @@ func TestLoginStaticCommand(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var buf bytes.Buffer ctx := plog.AddZapOverridesToContext(context.Background(), t, &buf, nil, clocktesting.NewFakeClock(now)) diff --git a/cmd/pinniped/cmd/version_test.go b/cmd/pinniped/cmd/version_test.go index d423eac7c..0d16b87a2 100644 --- a/cmd/pinniped/cmd/version_test.go +++ b/cmd/pinniped/cmd/version_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -126,7 +126,6 @@ func TestNewVersionCmd(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { if tt.getBuildInfo != nil { getBuildInfo = tt.getBuildInfo diff --git a/cmd/pinniped/cmd/whoami_test.go b/cmd/pinniped/cmd/whoami_test.go index a5cb87107..728953510 100644 --- a/cmd/pinniped/cmd/whoami_test.go +++ b/cmd/pinniped/cmd/whoami_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -107,8 +107,7 @@ func TestWhoami(t *testing.T) { Current user info: Username: some-username - Groups: - `), + Groups:` + " \n"), // Linters and codeformatters don't like the extra space after "Groups:" and before the newline }, { name: "json output", @@ -280,7 +279,6 @@ func TestWhoami(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { getClientset := func(clientConfig clientcmd.ClientConfig, apiGroupSuffix string) (conciergeclientset.Interface, error) { if test.gettingClientsetErr != nil { diff --git a/internal/admissionpluginconfig/admissionpluginconfig_test.go b/internal/admissionpluginconfig/admissionpluginconfig_test.go index 52b0a2bb0..3beb96845 100644 --- a/internal/admissionpluginconfig/admissionpluginconfig_test.go +++ b/internal/admissionpluginconfig/admissionpluginconfig_test.go @@ -163,7 +163,6 @@ func TestConfigureAdmissionPlugins(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/backoff/infinitebackoff_test.go b/internal/backoff/infinitebackoff_test.go index 04757dfb1..1de2b1437 100644 --- a/internal/backoff/infinitebackoff_test.go +++ b/internal/backoff/infinitebackoff_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package backoff @@ -77,7 +77,6 @@ func TestInfiniteBackoff(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { require.NotEmpty(t, tt.expectedSequence) for i, expected := range tt.expectedSequence { diff --git a/internal/backoff/stepping_test.go b/internal/backoff/stepping_test.go index 432f8900b..e4b8cea79 100644 --- a/internal/backoff/stepping_test.go +++ b/internal/backoff/stepping_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package backoff @@ -81,7 +81,6 @@ func TestWithContext(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { testContext, cancel := context.WithCancel(context.Background()) backoff := &MockStepper{ diff --git a/internal/celtransformer/celformer_test.go b/internal/celtransformer/celformer_test.go index b26d4d474..df4aac44b 100644 --- a/internal/celtransformer/celformer_test.go +++ b/internal/celtransformer/celformer_test.go @@ -780,7 +780,6 @@ func TestTransformer(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/certauthority/certauthority_test.go b/internal/certauthority/certauthority_test.go index 312512064..13b0ca1b1 100644 --- a/internal/certauthority/certauthority_test.go +++ b/internal/certauthority/certauthority_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package certauthority @@ -74,7 +74,6 @@ func TestLoad(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -162,7 +161,6 @@ func TestNewInternal(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := newInternal("Test CA", tt.ttl, tt.env) if tt.wantErr != "" { @@ -316,7 +314,6 @@ func TestIssue(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := tt.ca.IssueServerCert([]string{"example.com"}, []net.IP{net.IPv4(1, 2, 3, 4)}, 10*time.Minute) if tt.wantErr != "" { diff --git a/internal/certauthority/dynamiccertauthority/dynamiccertauthority_test.go b/internal/certauthority/dynamiccertauthority/dynamiccertauthority_test.go index cd07d173a..665f6d191 100644 --- a/internal/certauthority/dynamiccertauthority/dynamiccertauthority_test.go +++ b/internal/certauthority/dynamiccertauthority/dynamiccertauthority_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package dynamiccertauthority @@ -89,7 +89,6 @@ func TestCAIssuePEM(t *testing.T) { }, } for _, step := range steps { - step := step t.Run(step.name, func(t *testing.T) { // Can't run these steps in parallel, because each one depends on the previous steps being // run. diff --git a/internal/concierge/impersonator/impersonator_test.go b/internal/concierge/impersonator/impersonator_test.go index 783ae8e07..289a79bea 100644 --- a/internal/concierge/impersonator/impersonator_test.go +++ b/internal/concierge/impersonator/impersonator_test.go @@ -667,7 +667,6 @@ func TestImpersonator(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -1796,7 +1795,6 @@ func TestImpersonatorHTTPHandler(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -2061,7 +2059,6 @@ func Test_withBearerTokenPreservation(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/concierge/impersonator/roundtripper_test.go b/internal/concierge/impersonator/roundtripper_test.go index 0c8fc0e67..ae52a9846 100644 --- a/internal/concierge/impersonator/roundtripper_test.go +++ b/internal/concierge/impersonator/roundtripper_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package impersonator @@ -72,7 +72,6 @@ func TestRoundTrip(t *testing.T) { wantError: "no impersonator service account token available", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { base := &fakeRoundTripper{ response: new(http.Response), diff --git a/internal/concierge/scheme/scheme_test.go b/internal/concierge/scheme/scheme_test.go index 5627ada7a..b28bab73d 100644 --- a/internal/concierge/scheme/scheme_test.go +++ b/internal/concierge/scheme/scheme_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package scheme @@ -188,7 +188,6 @@ func TestNew(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { scheme, loginGV, identityGV := New(tt.apiGroupSuffix) require.Equal(t, tt.want, scheme.AllKnownTypes()) diff --git a/internal/concierge/server/server_test.go b/internal/concierge/server/server_test.go index 0825cf5ba..70512a45c 100644 --- a/internal/concierge/server/server_test.go +++ b/internal/concierge/server/server_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package server @@ -67,7 +67,6 @@ func TestCommand(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { stdout := bytes.NewBuffer([]byte{}) stderr := bytes.NewBuffer([]byte{}) diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go index ec7573941..f1d52c3ed 100644 --- a/internal/config/concierge/config_test.go +++ b/internal/config/concierge/config_test.go @@ -589,7 +589,6 @@ func TestFromPath(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { // this is a serial test because it sets the global logger diff --git a/internal/config/supervisor/config_test.go b/internal/config/supervisor/config_test.go index 61834a0eb..61f83aed8 100644 --- a/internal/config/supervisor/config_test.go +++ b/internal/config/supervisor/config_test.go @@ -253,7 +253,6 @@ func TestFromPath(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { // this is a serial test because it sets the global logger diff --git a/internal/controller/apicerts/certs_expirer_test.go b/internal/controller/apicerts/certs_expirer_test.go index eb88190fb..4dbaa6eda 100644 --- a/internal/controller/apicerts/certs_expirer_test.go +++ b/internal/controller/apicerts/certs_expirer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apicerts @@ -88,7 +88,6 @@ func TestExpirerControllerFilters(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name+"-"+test.namespace, func(t *testing.T) { t.Parallel() @@ -110,10 +109,10 @@ func TestExpirerControllerFilters(t *testing.T) { unrelated := corev1.Secret{} filter := withInformer.GetFilterForInformer(secretsInformer) - require.Equal(t, test.want, filter.Add(&test.secret)) - require.Equal(t, test.want, filter.Update(&unrelated, &test.secret)) - require.Equal(t, test.want, filter.Update(&test.secret, &unrelated)) - require.Equal(t, test.want, filter.Delete(&test.secret)) + require.Equal(t, test.want, filter.Add(test.secret.DeepCopy())) + require.Equal(t, test.want, filter.Update(&unrelated, test.secret.DeepCopy())) + require.Equal(t, test.want, filter.Update(test.secret.DeepCopy(), &unrelated)) + require.Equal(t, test.want, filter.Delete(test.secret.DeepCopy())) }) } } @@ -219,7 +218,6 @@ func TestExpirerControllerSync(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/apicerts/update_api_service_test.go b/internal/controller/apicerts/update_api_service_test.go index 9d7bce4d8..725f735e9 100644 --- a/internal/controller/apicerts/update_api_service_test.go +++ b/internal/controller/apicerts/update_api_service_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apicerts @@ -203,7 +203,6 @@ func TestUpdateAPIService(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx := context.Background() diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go index 9602f05f8..72636b8f7 100644 --- a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go +++ b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go @@ -133,7 +133,6 @@ func TestController(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { // When we have t.Parallel() here, this test blocks pretty consistently...y tho? diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go index 3777051eb..d934f08b8 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go @@ -1663,7 +1663,6 @@ func TestController(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -1781,7 +1780,6 @@ func TestController(t *testing.T) { tt.wantGroupsClaim, goodIssuer, ) { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go index a846c9577..2c8564670 100644 --- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go +++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go @@ -1306,7 +1306,6 @@ func TestController(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -1465,7 +1464,6 @@ func TestNewWebhookAuthenticator(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() var conditions []*metav1.Condition diff --git a/internal/controller/issuerconfig/issuerconfig_test.go b/internal/controller/issuerconfig/issuerconfig_test.go index 1ef1600d9..7b4fef97f 100644 --- a/internal/controller/issuerconfig/issuerconfig_test.go +++ b/internal/controller/issuerconfig/issuerconfig_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package issuerconfig @@ -213,11 +213,10 @@ func TestMergeStrategy(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { updated := tt.configToUpdate.DeepCopy() mergeStrategy(updated, tt.strategy) - require.Equal(t, &tt.expected, updated) + require.Equal(t, tt.expected.DeepCopy(), updated) }) } } diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go index 4e801719c..7afcdc147 100644 --- a/internal/controller/kubecertagent/kubecertagent.go +++ b/internal/controller/kubecertagent/kubecertagent.go @@ -626,7 +626,6 @@ func pluralize(pods []*corev1.Pod) string { func firstErr(errs ...error) error { for _, err := range errs { - err := err if err != nil { return err } diff --git a/internal/controller/kubecertagent/kubecertagent_test.go b/internal/controller/kubecertagent/kubecertagent_test.go index 564c11c97..1308e12a8 100644 --- a/internal/controller/kubecertagent/kubecertagent_test.go +++ b/internal/controller/kubecertagent/kubecertagent_test.go @@ -1018,7 +1018,6 @@ func TestAgentController(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -1177,15 +1176,14 @@ func TestMergeLabelsAndAnnotations(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() existingCopy := tt.existing.DeepCopy() desiredCopy := tt.desired.DeepCopy() got := mergeLabelsAndAnnotations(tt.existing, tt.desired) require.Equal(t, tt.expected, got) - require.Equal(t, existingCopy, &tt.existing, "input was modified!") - require.Equal(t, desiredCopy, &tt.desired, "input was modified!") + require.Equal(t, existingCopy, tt.existing.DeepCopy(), "input was modified!") + require.Equal(t, desiredCopy, tt.desired.DeepCopy(), "input was modified!") }) } } diff --git a/internal/controller/kubecertagent/legacypodcleaner_test.go b/internal/controller/kubecertagent/legacypodcleaner_test.go index 211219af7..843c2398e 100644 --- a/internal/controller/kubecertagent/legacypodcleaner_test.go +++ b/internal/controller/kubecertagent/legacypodcleaner_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubecertagent @@ -139,7 +139,6 @@ func TestLegacyPodCleanerController(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/serviceaccounttokencleanup/legacy_service_account_token_cleanup_controller_test.go b/internal/controller/serviceaccounttokencleanup/legacy_service_account_token_cleanup_controller_test.go index 364393dab..2629ac87c 100644 --- a/internal/controller/serviceaccounttokencleanup/legacy_service_account_token_cleanup_controller_test.go +++ b/internal/controller/serviceaccounttokencleanup/legacy_service_account_token_cleanup_controller_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package serviceaccounttokencleanup @@ -130,7 +130,6 @@ func TestSync(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go index d6f1ee08b..ed12e87d4 100644 --- a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go @@ -71,7 +71,6 @@ func TestActiveDirectoryUpstreamWatcherControllerFilterSecrets(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -116,7 +115,6 @@ func TestActiveDirectoryUpstreamWatcherControllerFilterActiveDirectoryIdentityPr }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -2002,7 +2000,6 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/supervisorconfig/federation_domain_watcher_test.go b/internal/controller/supervisorconfig/federation_domain_watcher_test.go index 1f8876a6f..ade25e060 100644 --- a/internal/controller/supervisorconfig/federation_domain_watcher_test.go +++ b/internal/controller/supervisorconfig/federation_domain_watcher_test.go @@ -85,7 +85,6 @@ func TestFederationDomainWatcherControllerInformerFilters(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -1999,7 +1998,6 @@ func TestTestFederationDomainWatcherControllerSync(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go index e0d371ac4..18940f0e9 100644 --- a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go +++ b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go @@ -168,7 +168,6 @@ func TestFederationDomainControllerFilterSecret(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -231,7 +230,6 @@ func TestNewFederationDomainSecretsControllerFilterFederationDomain(t *testing.T }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -264,11 +262,11 @@ func TestNewFederationDomainSecretsControllerFilterFederationDomain(t *testing.T unrelated := configv1alpha1.FederationDomain{} filter := withInformer.GetFilterForInformer(federationDomainInformer) - require.Equal(t, test.wantAdd, filter.Add(&test.federationDomain)) - require.Equal(t, test.wantUpdate, filter.Update(&unrelated, &test.federationDomain)) - require.Equal(t, test.wantUpdate, filter.Update(&test.federationDomain, &unrelated)) - require.Equal(t, test.wantDelete, filter.Delete(&test.federationDomain)) - require.Equal(t, test.wantParent, filter.Parent(&test.federationDomain)) + require.Equal(t, test.wantAdd, filter.Add(test.federationDomain.DeepCopy())) + require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.federationDomain.DeepCopy())) + require.Equal(t, test.wantUpdate, filter.Update(test.federationDomain.DeepCopy(), &unrelated)) + require.Equal(t, test.wantDelete, filter.Delete(test.federationDomain.DeepCopy())) + require.Equal(t, test.wantParent, filter.Parent(test.federationDomain.DeepCopy())) }) } } @@ -625,7 +623,6 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/supervisorconfig/generator/secret_helper_test.go b/internal/controller/supervisorconfig/generator/secret_helper_test.go index cd03efba1..7750ad4b5 100644 --- a/internal/controller/supervisorconfig/generator/secret_helper_test.go +++ b/internal/controller/supervisorconfig/generator/secret_helper_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package generator @@ -52,7 +52,6 @@ func TestSymmetricSecretHelper(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -182,7 +181,6 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { h := NewSymmetricSecretHelper("none of these args matter", nil, nil, test.secretUsage, nil) diff --git a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go index 594fe5c7e..1ac1e9473 100644 --- a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go +++ b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package generator @@ -100,7 +100,6 @@ func TestSupervisorSecretsControllerFilterSecret(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -407,7 +406,6 @@ func TestSupervisorSecretsControllerSync(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { // We cannot currently run this test in parallel since it uses the global generateKey function. diff --git a/internal/controller/supervisorconfig/jwks_writer_test.go b/internal/controller/supervisorconfig/jwks_writer_test.go index bfb09ba50..0f395f01c 100644 --- a/internal/controller/supervisorconfig/jwks_writer_test.go +++ b/internal/controller/supervisorconfig/jwks_writer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package supervisorconfig @@ -167,7 +167,6 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -221,7 +220,6 @@ func TestJWKSWriterControllerFilterFederationDomain(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -245,11 +243,11 @@ func TestJWKSWriterControllerFilterFederationDomain(t *testing.T) { unrelated := configv1alpha1.FederationDomain{} filter := withInformer.GetFilterForInformer(federationDomainInformer) - require.Equal(t, test.wantAdd, filter.Add(&test.federationDomain)) - require.Equal(t, test.wantUpdate, filter.Update(&unrelated, &test.federationDomain)) - require.Equal(t, test.wantUpdate, filter.Update(&test.federationDomain, &unrelated)) - require.Equal(t, test.wantDelete, filter.Delete(&test.federationDomain)) - require.Equal(t, test.wantParent, filter.Parent(&test.federationDomain)) + require.Equal(t, test.wantAdd, filter.Add(test.federationDomain.DeepCopy())) + require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.federationDomain.DeepCopy())) + require.Equal(t, test.wantUpdate, filter.Update(test.federationDomain.DeepCopy(), &unrelated)) + require.Equal(t, test.wantDelete, filter.Delete(test.federationDomain.DeepCopy())) + require.Equal(t, test.wantParent, filter.Parent(test.federationDomain.DeepCopy())) }) } } @@ -664,7 +662,6 @@ func TestJWKSWriterControllerSync(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { // We shouldn't run this test in parallel since it messes with a global function (generateKey). generateKeyCount := 0 diff --git a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go index 38fdf94d7..1e871858a 100644 --- a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go @@ -70,7 +70,6 @@ func TestLDAPUpstreamWatcherControllerFilterSecrets(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -115,7 +114,6 @@ func TestLDAPUpstreamWatcherControllerFilterLDAPIdentityProviders(t *testing.T) }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -1131,7 +1129,6 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/controller/supervisorconfig/oidcclientwatcher/oidc_client_watcher_test.go b/internal/controller/supervisorconfig/oidcclientwatcher/oidc_client_watcher_test.go index a62497e3e..d13bad387 100644 --- a/internal/controller/supervisorconfig/oidcclientwatcher/oidc_client_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcclientwatcher/oidc_client_watcher_test.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package oidcclientwatcher @@ -954,7 +954,6 @@ func TestOIDCClientWatcherControllerSync(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() fakePinnipedClient := pinnipedfake.NewSimpleClientset(tt.inputObjects...) diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index 6837fa62a..614ee3afd 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -74,7 +74,6 @@ func TestOIDCUpstreamWatcherControllerFilterSecret(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -1409,7 +1408,6 @@ oidc: issuer did not match the issuer returned by provider, expected "` + testIs }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() fakePinnipedClient := pinnipedfake.NewSimpleClientset(tt.inputUpstreams...) diff --git a/internal/controllerinit/controllerinit.go b/internal/controllerinit/controllerinit.go index 125974669..825817e49 100644 --- a/internal/controllerinit/controllerinit.go +++ b/internal/controllerinit/controllerinit.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package controllerinit @@ -34,8 +34,6 @@ type Informer interface { func Prepare(controllers Runner, controllersWrapper RunnerWrapper, informers ...Informer) RunnerBuilder { return func(ctx context.Context) (Runner, error) { for _, informer := range informers { - informer := informer - informer.Start(ctx.Done()) // prevent us from blocking forever due to a broken informer diff --git a/internal/controllerlib/test/integration/examplecontroller/controller/creating_test.go b/internal/controllerlib/test/integration/examplecontroller/controller/creating_test.go index 74c617219..1d3100848 100644 --- a/internal/controllerlib/test/integration/examplecontroller/controller/creating_test.go +++ b/internal/controllerlib/test/integration/examplecontroller/controller/creating_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package controller @@ -92,8 +92,6 @@ func TestNewExampleCreatingController(t *testing.T) { }, } for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { kubeClient := fake.NewSimpleClientset() for i := range tt.args.services { diff --git a/internal/crud/crud_test.go b/internal/crud/crud_test.go index ea9d8c369..1a54e6d3d 100644 --- a/internal/crud/crud_test.go +++ b/internal/crud/crud_test.go @@ -1288,7 +1288,6 @@ func TestStorage(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -1516,7 +1515,6 @@ func TestFromSecret(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() data := &testJSON{} diff --git a/internal/crypto/ptls/ptls.go b/internal/crypto/ptls/ptls.go index 52a3d3ea5..bf2ae4e1f 100644 --- a/internal/crypto/ptls/ptls.go +++ b/internal/crypto/ptls/ptls.go @@ -38,7 +38,6 @@ func Legacy(rootCAs *x509.CertPool) *tls.Config { func suitesToIDs(suites []*tls.CipherSuite) []uint16 { out := make([]uint16, 0, len(suites)) for _, suite := range suites { - suite := suite out = append(out, suite.ID) } return out diff --git a/internal/crypto/ptls/ptls_test.go b/internal/crypto/ptls/ptls_test.go index 5825faf1d..789b30fbf 100644 --- a/internal/crypto/ptls/ptls_test.go +++ b/internal/crypto/ptls/ptls_test.go @@ -208,7 +208,6 @@ func TestMerge(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/deploymentref/deploymentref_test.go b/internal/deploymentref/deploymentref_test.go index 181e3f11b..e219ecd10 100644 --- a/internal/deploymentref/deploymentref_test.go +++ b/internal/deploymentref/deploymentref_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package deploymentref @@ -106,7 +106,6 @@ func TestNew(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { client := kubefake.NewSimpleClientset(test.apiObjects...) if test.client != nil { diff --git a/internal/downward/downward_test.go b/internal/downward/downward_test.go index adc15b407..efaa7ec56 100644 --- a/internal/downward/downward_test.go +++ b/internal/downward/downward_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package downward @@ -51,7 +51,6 @@ func TestLoad(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := Load(tt.inputDir) if tt.wantErr != "" { @@ -103,7 +102,6 @@ example.com/bar="baz\x01" }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := parseMap(tt.input) if tt.wantErr != "" { diff --git a/internal/dynamiccert/provider_test.go b/internal/dynamiccert/provider_test.go index 9dc05b709..3c661d963 100644 --- a/internal/dynamiccert/provider_test.go +++ b/internal/dynamiccert/provider_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package dynamiccert @@ -148,7 +148,6 @@ func TestProviderWithDynamicServingCertificateController(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/endpointaddr/endpointaddr_test.go b/internal/endpointaddr/endpointaddr_test.go index 91c68b0d6..1d560629d 100644 --- a/internal/endpointaddr/endpointaddr_test.go +++ b/internal/endpointaddr/endpointaddr_test.go @@ -174,7 +174,6 @@ func TestParse(t *testing.T) { expectErr: `host "host.example.com:port1:port2" is not a valid hostname or IP address`, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := Parse(tt.input, tt.defaultPort) if tt.expectErr == "" { @@ -338,7 +337,6 @@ func TestParseFromURL(t *testing.T) { expectErr: `address [::1]]:443: missing port in address`, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { urlToProcess, err := url.Parse(tt.input) require.NoError(t, err, "ParseFromURL expects a valid url.URL, parse errors here are not valuable") diff --git a/internal/execcredcache/cachefile_test.go b/internal/execcredcache/cachefile_test.go index c4c719486..1c42d5179 100644 --- a/internal/execcredcache/cachefile_test.go +++ b/internal/execcredcache/cachefile_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package execcredcache @@ -70,7 +70,6 @@ func TestReadCache(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() got, err := readCache(tt.path) diff --git a/internal/execcredcache/execcredcache_test.go b/internal/execcredcache/execcredcache_test.go index 1b92a5b87..d7831ac8e 100644 --- a/internal/execcredcache/execcredcache_test.go +++ b/internal/execcredcache/execcredcache_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package execcredcache @@ -162,7 +162,6 @@ func TestGet(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() tmp := t.TempDir() + "/sessions.yaml" @@ -328,7 +327,6 @@ func TestPutToken(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() tmp := t.TempDir() + "/cachedir/credentials.yaml" diff --git a/internal/federationdomain/clientregistry/clientregistry_test.go b/internal/federationdomain/clientregistry/clientregistry_test.go index cc1b0dc6e..1d8f20612 100644 --- a/internal/federationdomain/clientregistry/clientregistry_test.go +++ b/internal/federationdomain/clientregistry/clientregistry_test.go @@ -253,8 +253,6 @@ func TestClientManager(t *testing.T) { } for _, test := range tests { - test := test - t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/downstreamsubject/downstream_subject_test.go b/internal/federationdomain/downstreamsubject/downstream_subject_test.go index 703624e94..b96ec85ad 100644 --- a/internal/federationdomain/downstreamsubject/downstream_subject_test.go +++ b/internal/federationdomain/downstreamsubject/downstream_subject_test.go @@ -42,7 +42,6 @@ func TestLDAP(t *testing.T) { } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -81,7 +80,6 @@ func TestOIDC(t *testing.T) { } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/dynamiccodec/codec_test.go b/internal/federationdomain/dynamiccodec/codec_test.go index d6c85357a..b5380b4b1 100644 --- a/internal/federationdomain/dynamiccodec/codec_test.go +++ b/internal/federationdomain/dynamiccodec/codec_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package dynamiccodec @@ -78,7 +78,6 @@ func TestCodec(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { var ( encoderSigningKey = []byte("some-signing-key") diff --git a/internal/federationdomain/endpoints/auth/auth_handler_test.go b/internal/federationdomain/endpoints/auth/auth_handler_test.go index 52cd06b29..81918abc8 100644 --- a/internal/federationdomain/endpoints/auth/auth_handler_test.go +++ b/internal/federationdomain/endpoints/auth/auth_handler_test.go @@ -3536,7 +3536,6 @@ func TestAuthorizationEndpoint(t *testing.T) { //nolint:gocyclo } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { kubeClient := fake.NewSimpleClientset() supervisorClient := supervisorfake.NewSimpleClientset() diff --git a/internal/federationdomain/endpoints/callback/callback_handler_test.go b/internal/federationdomain/endpoints/callback/callback_handler_test.go index 433365b9c..d0aa3a6b8 100644 --- a/internal/federationdomain/endpoints/callback/callback_handler_test.go +++ b/internal/federationdomain/endpoints/callback/callback_handler_test.go @@ -1529,8 +1529,6 @@ func TestCallbackEndpoint(t *testing.T) { } for _, test := range tests { - test := test - t.Run(test.name, func(t *testing.T) { kubeClient := fake.NewSimpleClientset() supervisorClient := supervisorfake.NewSimpleClientset() diff --git a/internal/federationdomain/endpoints/chooseidp/choose_idp_handler_test.go b/internal/federationdomain/endpoints/chooseidp/choose_idp_handler_test.go index 9ef356afa..de6b687e0 100644 --- a/internal/federationdomain/endpoints/chooseidp/choose_idp_handler_test.go +++ b/internal/federationdomain/endpoints/chooseidp/choose_idp_handler_test.go @@ -132,7 +132,6 @@ func TestChooseIDPHandler(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/endpoints/discovery/discovery_handler_test.go b/internal/federationdomain/endpoints/discovery/discovery_handler_test.go index cd205974e..4092aced0 100644 --- a/internal/federationdomain/endpoints/discovery/discovery_handler_test.go +++ b/internal/federationdomain/endpoints/discovery/discovery_handler_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package discovery @@ -65,7 +65,6 @@ func TestDiscovery(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { handler := NewHandler(test.issuer) req := httptest.NewRequest(test.method, test.path, nil) diff --git a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go index 892a1dc84..63bd18bbf 100644 --- a/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go +++ b/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler_test.go @@ -68,7 +68,6 @@ func TestIDPDiscovery(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { idpLister := testidplister.NewUpstreamIDPListerBuilder(). WithOIDC(oidctestutil.NewTestUpstreamOIDCIdentityProviderBuilder().WithName("z-some-oidc-idp").WithAllowPasswordGrant(true).Build()). diff --git a/internal/federationdomain/endpoints/jwks/jwks_handler_test.go b/internal/federationdomain/endpoints/jwks/jwks_handler_test.go index 1c630e5d7..12463b376 100644 --- a/internal/federationdomain/endpoints/jwks/jwks_handler_test.go +++ b/internal/federationdomain/endpoints/jwks/jwks_handler_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package jwks @@ -77,7 +77,6 @@ func TestJWKSEndpoint(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { handler := NewHandler(test.issuer, test.provider) req := httptest.NewRequest(test.method, test.path, nil) diff --git a/internal/federationdomain/endpoints/token/token_handler_test.go b/internal/federationdomain/endpoints/token/token_handler_test.go index e33fee2d1..799990fdd 100644 --- a/internal/federationdomain/endpoints/token/token_handler_test.go +++ b/internal/federationdomain/endpoints/token/token_handler_test.go @@ -927,7 +927,6 @@ func TestTokenEndpointAuthcodeExchange(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -961,7 +960,6 @@ func TestTokenEndpointWhenAuthcodeIsUsedTwice(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -1641,7 +1639,6 @@ func TestTokenEndpointTokenExchange(t *testing.T) { // tests for grant_type "urn }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -4524,7 +4521,6 @@ func TestRefreshGrant(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -5473,7 +5469,6 @@ func TestDiffSortedGroups(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/federationdomainproviders/federation_domain_identity_providers_lister_finder_test.go b/internal/federationdomain/federationdomainproviders/federation_domain_identity_providers_lister_finder_test.go index 7e4d7a5b9..f220b9108 100644 --- a/internal/federationdomain/federationdomainproviders/federation_domain_identity_providers_lister_finder_test.go +++ b/internal/federationdomain/federationdomainproviders/federation_domain_identity_providers_lister_finder_test.go @@ -248,7 +248,6 @@ func TestFederationDomainIdentityProvidersListerFinder(t *testing.T) { } for _, tt := range testFindUpstreamIDPByDisplayName { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -324,7 +323,6 @@ func TestFederationDomainIdentityProvidersListerFinder(t *testing.T) { } for _, tt := range testFindDefaultIDP { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -399,7 +397,6 @@ func TestFederationDomainIdentityProvidersListerFinder(t *testing.T) { } for _, tt := range testGetIdentityProviders { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -450,7 +447,6 @@ func TestFederationDomainIdentityProvidersListerFinder(t *testing.T) { } for _, tt := range testIDPCount { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -503,7 +499,6 @@ func TestFederationDomainIdentityProvidersListerFinder(t *testing.T) { } for _, tt := range testHasDefaultIDP { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/federationdomainproviders/federation_domain_issuer_test.go b/internal/federationdomain/federationdomainproviders/federation_domain_issuer_test.go index 34125d746..05967dca0 100644 --- a/internal/federationdomain/federationdomainproviders/federation_domain_issuer_test.go +++ b/internal/federationdomain/federationdomainproviders/federation_domain_issuer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package federationdomainproviders @@ -83,7 +83,6 @@ func TestFederationDomainIssuerValidations(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { _, err := NewFederationDomainIssuer(tt.issuer, []*FederationDomainIdentityProvider{}) if tt.wantError != "" { diff --git a/internal/federationdomain/idtokenlifespan/idtoken_lifespan_test.go b/internal/federationdomain/idtokenlifespan/idtoken_lifespan_test.go index 0501525a0..6989bc37d 100644 --- a/internal/federationdomain/idtokenlifespan/idtoken_lifespan_test.go +++ b/internal/federationdomain/idtokenlifespan/idtoken_lifespan_test.go @@ -54,7 +54,6 @@ func TestOverrideIDTokenLifespanInContext(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/oidc/oidc_test.go b/internal/federationdomain/oidc/oidc_test.go index c629dfcc0..6c8e55d01 100644 --- a/internal/federationdomain/oidc/oidc_test.go +++ b/internal/federationdomain/oidc/oidc_test.go @@ -103,7 +103,6 @@ func TestOverrideIDTokenLifespan(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider_test.go b/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider_test.go index 25c2c565a..2ab0654b6 100644 --- a/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider_test.go +++ b/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider_test.go @@ -57,7 +57,6 @@ func TestMapAdditionalClaimsFromUpstreamIDToken(t *testing.T) { } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/strategy/dynamic_oauth2_hmac_strategy_test.go b/internal/federationdomain/strategy/dynamic_oauth2_hmac_strategy_test.go index 02bf861c3..c548553c2 100644 --- a/internal/federationdomain/strategy/dynamic_oauth2_hmac_strategy_test.go +++ b/internal/federationdomain/strategy/dynamic_oauth2_hmac_strategy_test.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package strategy @@ -47,7 +47,6 @@ func TestDynamicOauth2HMACStrategy_Signatures(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -94,7 +93,6 @@ func TestDynamicOauth2HMACStrategy_Generate(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -166,7 +164,6 @@ func TestDynamicOauth2HMACStrategy_Validate(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go b/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go index 74d548668..0fe8ea733 100644 --- a/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go +++ b/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go @@ -88,7 +88,6 @@ func TestDynamicOpenIDConnectECDSAStrategy(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { jwksProvider := jwks.NewDynamicJWKSProvider() if test.jwksProvider != nil { diff --git a/internal/fositestorage/accesstoken/accesstoken_test.go b/internal/fositestorage/accesstoken/accesstoken_test.go index 522c24c90..2091fc175 100644 --- a/internal/fositestorage/accesstoken/accesstoken_test.go +++ b/internal/fositestorage/accesstoken/accesstoken_test.go @@ -408,7 +408,6 @@ func TestReadFromSecret(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() session, err := ReadFromSecret(tt.secret) diff --git a/internal/fositestorage/authorizationcode/authorizationcode_test.go b/internal/fositestorage/authorizationcode/authorizationcode_test.go index a95d0e970..f39e5580a 100644 --- a/internal/fositestorage/authorizationcode/authorizationcode_test.go +++ b/internal/fositestorage/authorizationcode/authorizationcode_test.go @@ -544,7 +544,6 @@ func TestReadFromSecret(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() session, err := ReadFromSecret(tt.secret) diff --git a/internal/fositestorage/refreshtoken/refreshtoken_test.go b/internal/fositestorage/refreshtoken/refreshtoken_test.go index 6075d0723..dc369a15b 100644 --- a/internal/fositestorage/refreshtoken/refreshtoken_test.go +++ b/internal/fositestorage/refreshtoken/refreshtoken_test.go @@ -465,7 +465,6 @@ func TestReadFromSecret(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() session, err := ReadFromSecret(tt.secret) diff --git a/internal/groupsuffix/groupsuffix.go b/internal/groupsuffix/groupsuffix.go index cb1927c81..b2d3ccdd5 100644 --- a/internal/groupsuffix/groupsuffix.go +++ b/internal/groupsuffix/groupsuffix.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package groupsuffix @@ -186,7 +186,6 @@ func Validate(apiGroupSuffix string) error { errorStrings := validation.IsDNS1123Subdomain(apiGroupSuffix) for _, errorString := range errorStrings { - errorString := errorString errs = append(errs, constable.Error(errorString)) } diff --git a/internal/groupsuffix/groupsuffix_test.go b/internal/groupsuffix/groupsuffix_test.go index 3afcd82eb..bf7f3af4d 100644 --- a/internal/groupsuffix/groupsuffix_test.go +++ b/internal/groupsuffix/groupsuffix_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package groupsuffix @@ -525,7 +525,6 @@ func TestMiddlware(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { m := New(test.apiGroupSuffix) if test.wantNilMiddleware { @@ -542,7 +541,6 @@ func TestMiddlware(t *testing.T) { objMutated := test.requestObj.DeepCopyObject().(kubeclient.Object) var mutateRequestErrors []string for _, mutateRequest := range test.rt.MutateRequests { - mutateRequest := mutateRequest if err := mutateRequest(objMutated); err != nil { mutateRequestErrors = append(mutateRequestErrors, err.Error()) } @@ -559,7 +557,6 @@ func TestMiddlware(t *testing.T) { objMutated := test.responseObj.DeepCopyObject().(kubeclient.Object) var mutateResponseErrors []string for _, mutateResponse := range test.rt.MutateResponses { - mutateResponse := mutateResponse if err := mutateResponse(objMutated); err != nil { mutateResponseErrors = append(mutateResponseErrors, err.Error()) } @@ -637,7 +634,6 @@ func TestValidate(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.apiGroupSuffix, func(t *testing.T) { err := Validate(test.apiGroupSuffix) if test.wantErrorPrefix != "" { diff --git a/internal/httputil/securityheader/securityheader_test.go b/internal/httputil/securityheader/securityheader_test.go index 6181acc50..d08b2f093 100644 --- a/internal/httputil/securityheader/securityheader_test.go +++ b/internal/httputil/securityheader/securityheader_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package securityheader @@ -56,7 +56,6 @@ func TestWrap(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { testServer := httptest.NewServer(tt.wrapFunc(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("X-Test-Header", "test value") diff --git a/internal/idtransform/identity_transformations_test.go b/internal/idtransform/identity_transformations_test.go index 59ed78c82..e1db0a321 100644 --- a/internal/idtransform/identity_transformations_test.go +++ b/internal/idtransform/identity_transformations_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package idtransform @@ -297,7 +297,6 @@ func TestTransformationPipelineEvaluation(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/kubeclient/gvk_test.go b/internal/kubeclient/gvk_test.go index cf0f711c5..6a590501e 100644 --- a/internal/kubeclient/gvk_test.go +++ b/internal/kubeclient/gvk_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -172,7 +172,6 @@ func Test_maybeRestoreGVK(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { serializer := &testSerializer{unknown: tt.args.unknown} respData := []byte(`original`) diff --git a/internal/kubeclient/kubeclient_test.go b/internal/kubeclient/kubeclient_test.go index a4e95313f..c16c9d8fb 100644 --- a/internal/kubeclient/kubeclient_test.go +++ b/internal/kubeclient/kubeclient_test.go @@ -602,7 +602,6 @@ func TestKubeclient(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { _, restConfig := fakekubeapi.Start(t, nil) @@ -1134,7 +1133,6 @@ func testUnwrap(t *testing.T, client *Client, serverSubjects [][]byte, tlsConfig }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() // make sure to run in parallel to confirm that our client-go TLS cache busting works (i.e. assert no data races) diff --git a/internal/kubeclient/middleware.go b/internal/kubeclient/middleware.go index 15760592d..4c5aa3226 100644 --- a/internal/kubeclient/middleware.go +++ b/internal/kubeclient/middleware.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -33,7 +33,6 @@ type Middlewares []Middleware func (m Middlewares) Handle(ctx context.Context, rt RoundTrip) { for _, middleware := range m { - middleware := middleware middleware.Handle(ctx, rt) } } @@ -116,7 +115,6 @@ func (r *request) mutateRequest(obj Object) (*mutationResult, error) { var errs []error for _, reqFunc := range r.reqFuncs { - reqFunc := reqFunc if err := reqFunc(obj); err != nil { errs = append(errs, err) } @@ -146,7 +144,6 @@ func (r *request) mutateResponse(obj Object) (bool, error) { var errs []error for _, respFunc := range r.respFuncs { - respFunc := respFunc if err := respFunc(obj); err != nil { errs = append(errs, err) } diff --git a/internal/kubeclient/middleware_test.go b/internal/kubeclient/middleware_test.go index 583b3f746..3817a05a6 100644 --- a/internal/kubeclient/middleware_test.go +++ b/internal/kubeclient/middleware_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -50,7 +50,6 @@ func Test_request_mutate(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { r := &request{reqFuncs: tt.reqFuncs} orig := tt.obj.DeepCopyObject() diff --git a/internal/kubeclient/path_test.go b/internal/kubeclient/path_test.go index db72a8684..a2e39200c 100644 --- a/internal/kubeclient/path_test.go +++ b/internal/kubeclient/path_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -127,7 +127,6 @@ func Test_updatePathNewGVK(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := updatePathNewGVK(tt.args.reqURL, tt.args.result, tt.args.apiPathPrefix, tt.args.reqInfo) if (err != nil) != tt.wantErr { @@ -213,7 +212,6 @@ func Test_reqWithoutPrefix(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { req := *tt.args.req if got := reqWithoutPrefix(&req, tt.args.hostURL, tt.args.apiPathPrefix); !reflect.DeepEqual(got, tt.want) { diff --git a/internal/kubeclient/roundtrip.go b/internal/kubeclient/roundtrip.go index b6f8decf5..e95c492aa 100644 --- a/internal/kubeclient/roundtrip.go +++ b/internal/kubeclient/roundtrip.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -98,7 +98,6 @@ func newWrapper( } for _, middleware := range middlewares { - middleware := middleware middleware.Handle(req.Context(), middlewareReq) } diff --git a/internal/kubeclient/scheme_test.go b/internal/kubeclient/scheme_test.go index 6e69026c2..314f352d6 100644 --- a/internal/kubeclient/scheme_test.go +++ b/internal/kubeclient/scheme_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -139,7 +139,6 @@ func Test_schemeRestMapper(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { schemeRestMapperFunc := schemeRestMapper(tt.args.scheme) gvk, ok := schemeRestMapperFunc(tt.args.gvr, tt.args.v) diff --git a/internal/kubeclient/verb_test.go b/internal/kubeclient/verb_test.go index c9df4f898..2f726e8ba 100644 --- a/internal/kubeclient/verb_test.go +++ b/internal/kubeclient/verb_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubeclient @@ -46,7 +46,6 @@ func Test_verb(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { require.Equal(t, tt.want, tt.f()) }) diff --git a/internal/leaderelection/leaderelection_test.go b/internal/leaderelection/leaderelection_test.go index 33a69ec7e..8fb76f855 100644 --- a/internal/leaderelection/leaderelection_test.go +++ b/internal/leaderelection/leaderelection_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package leaderelection @@ -58,7 +58,6 @@ func Test_releaseLock_Update(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/localuserauthenticator/localuserauthenticator_test.go b/internal/localuserauthenticator/localuserauthenticator_test.go index 8a5062675..da0df8c4b 100644 --- a/internal/localuserauthenticator/localuserauthenticator_test.go +++ b/internal/localuserauthenticator/localuserauthenticator_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package localuserauthenticator @@ -390,7 +390,6 @@ func TestWebhook(t *testing.T) { } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { parsedURL, err := url.Parse(test.url) require.NoError(t, err) diff --git a/internal/net/phttp/debug_test.go b/internal/net/phttp/debug_test.go index fe5b12a02..1b0748235 100644 --- a/internal/net/phttp/debug_test.go +++ b/internal/net/phttp/debug_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package phttp @@ -237,7 +237,6 @@ func Test_safeDebugWrappers_clean(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/net/phttp/phttp_test.go b/internal/net/phttp/phttp_test.go index 3a37983cf..e806fd627 100644 --- a/internal/net/phttp/phttp_test.go +++ b/internal/net/phttp/phttp_test.go @@ -38,7 +38,6 @@ func TestUnwrap(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -78,7 +77,6 @@ func TestClient(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/net/phttp/warning_test.go b/internal/net/phttp/warning_test.go index 4ca8a4487..2660fad6d 100644 --- a/internal/net/phttp/warning_test.go +++ b/internal/net/phttp/warning_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package phttp @@ -67,7 +67,6 @@ func Test_warningWrapper(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/oidcclientsecretstorage/oidcclientsecretstorage_test.go b/internal/oidcclientsecretstorage/oidcclientsecretstorage_test.go index f2b46db0d..aeb17fbb9 100644 --- a/internal/oidcclientsecretstorage/oidcclientsecretstorage_test.go +++ b/internal/oidcclientsecretstorage/oidcclientsecretstorage_test.go @@ -1,4 +1,4 @@ -// Copyright 2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package oidcclientsecretstorage @@ -115,7 +115,6 @@ func TestGet(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() kubeClient := fake.NewSimpleClientset() @@ -325,7 +324,6 @@ func TestSet(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() kubeClient := fake.NewSimpleClientset() @@ -389,7 +387,6 @@ func TestGetStorageSecret(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -523,7 +520,6 @@ func TestReadFromSecret(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() hashes, err := ReadFromSecret(tt.secret) diff --git a/internal/ownerref/ownerref_test.go b/internal/ownerref/ownerref_test.go index 7f98ff945..7b05b477a 100644 --- a/internal/ownerref/ownerref_test.go +++ b/internal/ownerref/ownerref_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package ownerref @@ -194,7 +194,6 @@ func TestOwnerReferenceMiddleware(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { middleware := New(tt.args.ref) @@ -212,7 +211,6 @@ func TestOwnerReferenceMiddleware(t *testing.T) { orig := tt.args.obj.DeepCopyObject().(kubeclient.Object) for _, mutateRequest := range rt.MutateRequests { - mutateRequest := mutateRequest require.NoError(t, mutateRequest(tt.args.obj)) } if !tt.wantMutates { diff --git a/internal/plog/config_test.go b/internal/plog/config_test.go index c5e750377..462610180 100644 --- a/internal/plog/config_test.go +++ b/internal/plog/config_test.go @@ -217,7 +217,6 @@ func TestValidateAndSetLogLevelGlobally(t *testing.T) { }, } for _, tt := range tests { - tt := tt // capture range variable t.Run(tt.name, func(t *testing.T) { defer func() { undoGlobalLogLevelChanges(t, originalLogLevel) diff --git a/internal/plog/plog.go b/internal/plog/plog.go index 060e70360..9b722fe52 100644 --- a/internal/plog/plog.go +++ b/internal/plog/plog.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package plog implements a thin layer over logr to help enforce pinniped's logging convention. @@ -190,7 +190,6 @@ func (p pLogger) withLogrMod(mod func(logr.Logger) logr.Logger) Logger { func (p pLogger) logr() logr.Logger { l := Logr() // grab the current global logger and its current config for _, mod := range p.mods { - mod := mod l = mod(l) // and then update it with all modifications } return l // this logger is guaranteed to have the latest config and all modifications diff --git a/internal/plog/plog_test.go b/internal/plog/plog_test.go index c116a939e..1359c23aa 100644 --- a/internal/plog/plog_test.go +++ b/internal/plog/plog_test.go @@ -357,7 +357,6 @@ func TestPlog(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/registry/clientsecretrequest/rest_test.go b/internal/registry/clientsecretrequest/rest_test.go index 0595de17c..4a1f7aab3 100644 --- a/internal/registry/clientsecretrequest/rest_test.go +++ b/internal/registry/clientsecretrequest/rest_test.go @@ -1557,8 +1557,6 @@ func TestCreate(t *testing.T) { }, } for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { // t.Parallel() should not be used because we are mutating the global logger. var log bytes.Buffer diff --git a/internal/registry/whoamirequest/rest_test.go b/internal/registry/whoamirequest/rest_test.go index c840479cc..77f9a53ee 100644 --- a/internal/registry/whoamirequest/rest_test.go +++ b/internal/registry/whoamirequest/rest_test.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package whoamirequest @@ -193,7 +193,6 @@ func TestCreate(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { r := &REST{} got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options) diff --git a/internal/supervisor/scheme/scheme_test.go b/internal/supervisor/scheme/scheme_test.go index 8c0b0bde5..af2cebeb9 100644 --- a/internal/supervisor/scheme/scheme_test.go +++ b/internal/supervisor/scheme/scheme_test.go @@ -1,4 +1,4 @@ -// Copyright 2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package scheme @@ -133,7 +133,6 @@ func TestNew(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { scheme, clientSecretGV := New(tt.apiGroupSuffix) require.Equal(t, tt.want, scheme.AllKnownTypes()) diff --git a/internal/tokenclient/tokenclient_test.go b/internal/tokenclient/tokenclient_test.go index 365d83bcb..426c0f29f 100644 --- a/internal/tokenclient/tokenclient_test.go +++ b/internal/tokenclient/tokenclient_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package tokenclient @@ -90,7 +90,6 @@ func TestNew(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -166,7 +165,6 @@ func TestFetchToken(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -323,7 +321,6 @@ func TestStart(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/internal/upstreamldap/upstreamldap_test.go b/internal/upstreamldap/upstreamldap_test.go index 8842292ff..c8308f96a 100644 --- a/internal/upstreamldap/upstreamldap_test.go +++ b/internal/upstreamldap/upstreamldap_test.go @@ -2172,7 +2172,6 @@ func TestUpstreamRefresh(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) t.Cleanup(ctrl.Finish) diff --git a/internal/upstreamoidc/upstreamoidc_test.go b/internal/upstreamoidc/upstreamoidc_test.go index 1090d4b70..904bf6b21 100644 --- a/internal/upstreamoidc/upstreamoidc_test.go +++ b/internal/upstreamoidc/upstreamoidc_test.go @@ -22,6 +22,7 @@ import ( "go.uber.org/mock/gomock" "golang.org/x/oauth2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "go.pinniped.dev/internal/federationdomain/dynamicupstreamprovider" "go.pinniped.dev/internal/federationdomain/upstreamprovider" @@ -241,7 +242,6 @@ func TestProviderConfig(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tokenServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { require.Equal(t, http.MethodPost, r.Method) @@ -310,7 +310,7 @@ func TestProviderConfig(t *testing.T) { return } require.NoError(t, err) - require.Equal(t, &tt.wantToken, tok) + require.Equal(t, ptr.To(tt.wantToken), tok) require.Equal(t, tt.wantUserInfoCalled, p.Provider.(*mockProvider).called) }) } @@ -413,7 +413,6 @@ func TestProviderConfig(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tokenServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { require.Equal(t, http.MethodPost, r.Method) @@ -649,7 +648,6 @@ func TestProviderConfig(t *testing.T) { }, } for _, tt := range tests { - tt := tt numRequests := 0 t.Run(tt.name, func(t *testing.T) { tokenServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -1086,7 +1084,6 @@ func TestProviderConfig(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { p := ProviderConfig{ Name: "test-name", @@ -1334,7 +1331,6 @@ func TestProviderConfig(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tokenServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { require.Equal(t, http.MethodPost, r.Method) @@ -1404,7 +1400,7 @@ func TestProviderConfig(t *testing.T) { return } require.NoError(t, err) - require.Equal(t, &tt.wantToken, tok) + require.Equal(t, ptr.To(tt.wantToken), tok) require.Equal(t, tt.wantUserInfoCalled, p.Provider.(*mockProvider).called) }) } diff --git a/internal/valuelesscontext/valuelesscontext_test.go b/internal/valuelesscontext/valuelesscontext_test.go index ba593dfe1..4938a4f13 100644 --- a/internal/valuelesscontext/valuelesscontext_test.go +++ b/internal/valuelesscontext/valuelesscontext_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package valuelesscontext @@ -208,7 +208,6 @@ func TestNew(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/pkg/conciergeclient/conciergeclient_test.go b/pkg/conciergeclient/conciergeclient_test.go index d44c9508e..edc1148c6 100644 --- a/pkg/conciergeclient/conciergeclient_test.go +++ b/pkg/conciergeclient/conciergeclient_test.go @@ -135,7 +135,6 @@ func TestNew(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() got, err := New(tt.opts...) diff --git a/pkg/oidcclient/filesession/cachefile_test.go b/pkg/oidcclient/filesession/cachefile_test.go index 413cd5f02..cf1cf7640 100644 --- a/pkg/oidcclient/filesession/cachefile_test.go +++ b/pkg/oidcclient/filesession/cachefile_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package filesession @@ -91,7 +91,6 @@ func TestReadSessionCache(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() got, err := readSessionCache(tt.path) diff --git a/pkg/oidcclient/filesession/filesession_test.go b/pkg/oidcclient/filesession/filesession_test.go index f2ff116c3..ec9e0dec9 100644 --- a/pkg/oidcclient/filesession/filesession_test.go +++ b/pkg/oidcclient/filesession/filesession_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package filesession @@ -218,7 +218,6 @@ func TestGetToken(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() tmp := t.TempDir() + "/sessions.yaml" @@ -476,7 +475,6 @@ func TestPutToken(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() tmp := t.TempDir() + "/sessiondir/sessions.yaml" diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go index 949419e9e..7cfded622 100644 --- a/pkg/oidcclient/login_test.go +++ b/pkg/oidcclient/login_test.go @@ -2391,7 +2391,6 @@ func TestLogin(t *testing.T) { //nolint:gocyclo }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { testLogger := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements klog.SetLogger(testLogger.Logger) // this is unfortunately a global logger, so can't run these tests in parallel :( @@ -2603,7 +2602,6 @@ func TestHandlePasteCallback(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() @@ -2914,7 +2912,6 @@ func TestHandleAuthCodeCallback(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 0da362f66..f3cf3b80c 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go @@ -73,7 +73,6 @@ func TestCLIGetKubeconfigStaticToken_Parallel(t *testing.T) { testlib.AccessAsUserWithKubectlTest(stdout, env.TestUser.ExpectedUsername, env.ConciergeNamespace), ) for _, group := range env.TestUser.ExpectedGroups { - group := group t.Run( "access as group "+group+" with kubectl", testlib.AccessAsGroupWithKubectlTest(stdout, group, env.ConciergeNamespace), @@ -86,7 +85,6 @@ func TestCLIGetKubeconfigStaticToken_Parallel(t *testing.T) { // Validate that we can auth to the API via our user. t.Run("access as user with client-go", testlib.AccessAsUserTest(ctx, env.TestUser.ExpectedUsername, kubeClient)) for _, group := range env.TestUser.ExpectedGroups { - group := group t.Run("access as group "+group+" with client-go", testlib.AccessAsGroupTest(ctx, group, kubeClient)) } diff --git a/test/integration/concierge_api_serving_certs_test.go b/test/integration/concierge_api_serving_certs_test.go index d5350c056..8d08c6dc7 100644 --- a/test/integration/concierge_api_serving_certs_test.go +++ b/test/integration/concierge_api_serving_certs_test.go @@ -72,7 +72,6 @@ func TestAPIServingCertificateAutoCreationAndRotation_Disruptive(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { kubeClient := testlib.NewKubernetesClientset(t) aggregatedClient := testlib.NewAggregatedClientset(t) diff --git a/test/integration/concierge_credentialrequest_test.go b/test/integration/concierge_credentialrequest_test.go index cadf16de9..9292f487c 100644 --- a/test/integration/concierge_credentialrequest_test.go +++ b/test/integration/concierge_credentialrequest_test.go @@ -94,7 +94,6 @@ func TestSuccessfulCredentialRequest_Browser(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { authenticator := test.authenticator(ctx, t) token, username, groups := test.token(t) @@ -132,7 +131,6 @@ func TestSuccessfulCredentialRequest_Browser(t *testing.T) { testlib.AccessAsUserTest(ctx, username, clientWithCertFromCredentialRequest), ) for _, group := range groups { - group := group t.Run( "access as group "+group, testlib.AccessAsGroupTest(ctx, group, clientWithCertFromCredentialRequest), diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go index 38ebb23ce..28ed71704 100644 --- a/test/integration/concierge_impersonation_proxy_test.go +++ b/test/integration/concierge_impersonation_proxy_test.go @@ -328,7 +328,6 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl testlib.AccessAsUserTest(ctx, env.TestUser.ExpectedUsername, impersonationProxyKubeClient(t)), ) for _, group := range env.TestUser.ExpectedGroups { - group := group t.Run( "access as group "+group, testlib.AccessAsGroupTest(ctx, group, impersonationProxyKubeClient(t)), @@ -2042,8 +2041,6 @@ func ensureDNSResolves(t *testing.T, urlString string) { defer cancel() for _, resolver := range []*net.Resolver{goResolver, notGoResolver} { - resolver := resolver - ips, ipErr := resolver.LookupIPAddr(ctx, host) requireEventually.NoError(ipErr) requireEventually.NotEmpty(ips) diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index dbf9e2155..5136f1aff 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go @@ -463,10 +463,9 @@ func TestGetAPIResourceList(t *testing.T) { //nolint:gocyclo // each t.Run is pr }) for _, tt := range tests { - tt := tt t.Run(tt.group.Name, func(t *testing.T) { t.Parallel() - require.Contains(t, groups, &tt.group) + require.Contains(t, groups, tt.group.DeepCopy()) for groupVersion, expectedResources := range tt.resourceByVersion { // Find the actual resource list and make a copy. diff --git a/test/integration/leaderelection_test.go b/test/integration/leaderelection_test.go index 58853382a..1d9c42d8a 100644 --- a/test/integration/leaderelection_test.go +++ b/test/integration/leaderelection_test.go @@ -182,7 +182,6 @@ func leaderElectionClients(t *testing.T, namespace *corev1.Namespace, leaseName func pickRandomLeaderElectionClient(clients map[string]*kubeclient.Client) *kubeclient.Client { for _, client := range clients { - client := client return client } panic("clients map was empty") @@ -223,8 +222,6 @@ func runWriteRequests(ctx context.Context, clients map[string]*kubeclient.Client out := make(map[string]error, len(clients)) for identity, client := range clients { - identity, client := identity, client - out[identity] = runWriteRequest(ctx, client) } @@ -246,8 +243,6 @@ func checkOnlyLeaderCanWrite(ctx context.Context, t *testing.T, namespace *corev testlib.RequireEventually(t, func(requireEventually *require.Assertions) { var leaders, nonLeaders int for identity, err := range runWriteRequests(ctx, clients) { - identity, err := identity, err - if identity == *lease.Spec.HolderIdentity { leaders++ requireEventually.NoError(err, "leader client %q should have no error", identity) diff --git a/test/integration/main_test.go b/test/integration/main_test.go index 5995ef0be..f3b5992aa 100644 --- a/test/integration/main_test.go +++ b/test/integration/main_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -39,8 +39,6 @@ func splitIntegrationTestsIntoBuckets(m *testing.M) { var serialTests, parallelTests, disruptiveTests, finalTests []testing.InternalTest for _, test := range tests { - test := test - // top level integration tests the end with the string _Parallel // are indicating that they are safe to run in parallel with // other serial tests (which Go does not let you easily express). @@ -69,7 +67,6 @@ func splitIntegrationTestsIntoBuckets(m *testing.M) { t.Parallel() // outer test always runs in parallel for this bucket for _, test := range serialTests { - test := test t.Run(test.Name, func(t *testing.T) { test.F(t) // inner serial tests do not run in parallel }) @@ -84,7 +81,6 @@ func splitIntegrationTestsIntoBuckets(m *testing.M) { t.Parallel() // outer test always runs in parallel for this bucket for _, test := range parallelTests { - test := test t.Run(test.Name, func(t *testing.T) { t.Parallel() // inner parallel tests do run in parallel @@ -101,7 +97,6 @@ func splitIntegrationTestsIntoBuckets(m *testing.M) { // outer test never runs in parallel for this bucket for _, test := range disruptiveTests { - test := test t.Run(test.Name, func(t *testing.T) { test.F(t) // inner disruptive tests do not run in parallel }) diff --git a/test/integration/securetls_test.go b/test/integration/securetls_test.go index 209e1dd89..ab48394a5 100644 --- a/test/integration/securetls_test.go +++ b/test/integration/securetls_test.go @@ -128,7 +128,6 @@ func TestSecureTLSSupervisor(t *testing.T) { defaultECDSAOnly := ptls.Default(nil) ciphers := make([]uint16, 0, len(defaultECDSAOnly.CipherSuites)/2) for _, id := range defaultECDSAOnly.CipherSuites { - id := id if !strings.Contains(tls.CipherSuiteName(id), "_ECDSA_") { continue } diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go index 09f35bd6c..e1ea9dec4 100644 --- a/test/integration/supervisor_discovery_test.go +++ b/test/integration/supervisor_discovery_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -73,7 +73,6 @@ func TestSupervisorOIDCDiscovery_Disruptive(t *testing.T) { } for _, test := range tests { - test := test t.Run(test.Name, func(t *testing.T) { scheme := test.Scheme addr := test.Address diff --git a/test/integration/supervisor_oidc_client_test.go b/test/integration/supervisor_oidc_client_test.go index 1658eceb7..5a11746cd 100644 --- a/test/integration/supervisor_oidc_client_test.go +++ b/test/integration/supervisor_oidc_client_test.go @@ -398,7 +398,6 @@ func TestOIDCClientStaticValidation_Parallel(t *testing.T) { require.Len(t, statusErr.ErrStatus.Details.Causes, 4) out := make([]string, 0, len(statusErr.ErrStatus.Details.Causes)) for _, cause := range statusErr.ErrStatus.Details.Causes { - cause := cause out = append(out, fmt.Sprintf("%s: %s", cause.Field, cause.Message)) } sort.Strings(out) @@ -486,7 +485,6 @@ func TestOIDCClientStaticValidation_Parallel(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { if tt.skip { t.Skip() @@ -688,7 +686,6 @@ func TestOIDCClientControllerValidations_Parallel(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/test/integration/supervisor_oidcclientsecret_test.go b/test/integration/supervisor_oidcclientsecret_test.go index 0c9aa4787..1eb38b77f 100644 --- a/test/integration/supervisor_oidcclientsecret_test.go +++ b/test/integration/supervisor_oidcclientsecret_test.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -207,8 +207,6 @@ func TestKubectlOIDCClientSecretRequest_Parallel(t *testing.T) { }, } for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { t.Parallel() ctx, cancel := context.WithTimeout(context.Background(), 13*time.Minute) @@ -873,8 +871,6 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) { }, } for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { t.Parallel() ctx, cancel := context.WithTimeout(context.Background(), 13*time.Minute) diff --git a/test/integration/supervisor_secrets_test.go b/test/integration/supervisor_secrets_test.go index 2ee1643c8..4c4d0376a 100644 --- a/test/integration/supervisor_secrets_test.go +++ b/test/integration/supervisor_secrets_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -78,7 +78,6 @@ func TestSupervisorSecrets_Parallel(t *testing.T) { }, } for _, test := range tests { - test := test t.Run(test.name, func(t *testing.T) { // Ensure a secret is created with the FederationDomain's JWKS. var updatedFederationDomain *configv1alpha1.FederationDomain From e9d0ac51101769fa54ab60b621d77285cee54961 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 8 May 2024 11:43:48 -0500 Subject: [PATCH 07/13] Enable 'intrange' linter --- .golangci.yaml | 1 + internal/backoff/infinitebackoff_test.go | 4 ++-- internal/celtransformer/celformer_test.go | 22 +++++++++---------- .../authenticator/authncache/cache_test.go | 2 +- internal/secret/cache_test.go | 8 +++---- .../concierge_api_serving_certs_test.go | 2 +- test/integration/ldap_client_test.go | 6 ++--- test/integration/leaderelection_test.go | 2 +- ...supervisor_federationdomain_status_test.go | 4 ++-- .../supervisor_oidc_client_test.go | 2 +- test/testlib/activedirectory.go | 4 ++-- 11 files changed, 29 insertions(+), 28 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 07dfef586..acc6d576a 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -46,6 +46,7 @@ linters: - unconvert - whitespace - copyloopvar + - intrange issues: exclude-rules: diff --git a/internal/backoff/infinitebackoff_test.go b/internal/backoff/infinitebackoff_test.go index 1de2b1437..9ffa1c493 100644 --- a/internal/backoff/infinitebackoff_test.go +++ b/internal/backoff/infinitebackoff_test.go @@ -22,7 +22,7 @@ func TestInfiniteBackoff(t *testing.T) { stepper: &InfiniteBackoff{}, expectedSequence: func() []time.Duration { results := make([]time.Duration, 1000) - for i := 0; i < 1000; i++ { + for i := range 1000 { results[i] = time.Duration(0) } return results @@ -69,7 +69,7 @@ func TestInfiniteBackoff(t *testing.T) { }, expectedSequence: func() []time.Duration { results := make([]time.Duration, 1000) - for i := 0; i < 1000; i++ { + for i := range 1000 { results[i] = 20 * time.Nanosecond } return results diff --git a/internal/celtransformer/celformer_test.go b/internal/celtransformer/celformer_test.go index df4aac44b..bc84e65ff 100644 --- a/internal/celtransformer/celformer_test.go +++ b/internal/celtransformer/celformer_test.go @@ -19,9 +19,9 @@ import ( ) func TestTransformer(t *testing.T) { - var veryLargeGroupList []string - for i := 0; i < 10000; i++ { - veryLargeGroupList = append(veryLargeGroupList, fmt.Sprintf("g%d", i)) + veryLargeGroupList := make([]string, 10000) + for i := range 10000 { + veryLargeGroupList[i] = fmt.Sprintf("g%d", i) } alreadyCancelledContext, cancel := context.WithCancel(context.Background()) @@ -849,11 +849,11 @@ func TestTypicalPerformanceAndThreadSafety(t *testing.T) { require.NoError(t, err) pipeline.AppendTransformation(compiledTransform) - var groups []string - var wantGroups []string - for i := 0; i < 100; i++ { - groups = append(groups, fmt.Sprintf("g%d", i)) - wantGroups = append(wantGroups, fmt.Sprintf("group_prefix:g%d", i)) + groups := make([]string, 100) + wantGroups := make([]string, 100) + for i := range 100 { + groups[i] = fmt.Sprintf("g%d", i) + wantGroups[i] = fmt.Sprintf("group_prefix:g%d", i) } sort.Strings(wantGroups) @@ -869,7 +869,7 @@ func TestTypicalPerformanceAndThreadSafety(t *testing.T) { // and 100 group names. It is not meant to be a pass/fail test or scientific benchmark test. iterations := 1000 start := time.Now() - for i := 0; i < iterations; i++ { + for range iterations { _, _ = pipeline.Evaluate(context.Background(), "ryan", groups) } elapsed := time.Since(start) @@ -884,11 +884,11 @@ func TestTypicalPerformanceAndThreadSafety(t *testing.T) { var wg sync.WaitGroup numGoroutines := runtime.NumCPU() / 2 t.Logf("Running tight loops in %d simultaneous goroutines", numGoroutines) - for i := 0; i < numGoroutines; i++ { + for range numGoroutines { wg.Add(1) // increment WaitGroup counter for each goroutine go func() { defer wg.Done() // decrement WaitGroup counter when this goroutine finishes - for j := 0; j < iterations*2; j++ { + for range iterations * 2 { localResult, localErr := pipeline.Evaluate(context.Background(), "ryan", groups) require.NoError(t, localErr) require.Equal(t, "username_prefix:ryan", localResult.Username) diff --git a/internal/controller/authenticator/authncache/cache_test.go b/internal/controller/authenticator/authncache/cache_test.go index 368c3708d..f9dfec1ee 100644 --- a/internal/controller/authenticator/authncache/cache_test.go +++ b/internal/controller/authenticator/authncache/cache_test.go @@ -55,7 +55,7 @@ func TestCache(t *testing.T) { {APIGroup: "b", Kind: "b", Name: "a"}, {APIGroup: "b", Kind: "b", Name: "b"}, } - for tries := 0; tries < 10; tries++ { + for range 10 { cache := New() for _, i := range rand.Perm(len(keysInExpectedOrder)) { cache.Store(keysInExpectedOrder[i], nil) diff --git a/internal/secret/cache_test.go b/internal/secret/cache_test.go index 0a6b500c3..bdafbc392 100644 --- a/internal/secret/cache_test.go +++ b/internal/secret/cache_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package secret @@ -74,7 +74,7 @@ func TestCacheSynchronized(t *testing.T) { eg, _ := errgroup.WithContext(ctx) eg.Go(func() error { - for i := 0; i < 100; i++ { + for range 100 { require.Equal(t, csrfCookieEncoderHashKey, c.GetCSRFCookieEncoderHashKey()) require.Equal(t, tokenHMACKey, c.GetTokenHMACKey(issuer)) require.Equal(t, stateEncoderHashKey, c.GetStateEncoderHashKey(issuer)) @@ -84,7 +84,7 @@ func TestCacheSynchronized(t *testing.T) { }) eg.Go(func() error { - for i := 0; i < 100; i++ { + for range 100 { require.Equal(t, csrfCookieEncoderHashKey, c.GetCSRFCookieEncoderHashKey()) require.Equal(t, tokenHMACKey, c.GetTokenHMACKey(issuer)) require.Equal(t, stateEncoderHashKey, c.GetStateEncoderHashKey(issuer)) @@ -94,7 +94,7 @@ func TestCacheSynchronized(t *testing.T) { }) eg.Go(func() error { - for i := 0; i < 100; i++ { + for range 100 { require.Nil(t, c.GetTokenHMACKey(otherIssuer)) require.Nil(t, c.GetStateEncoderHashKey(otherIssuer)) require.Nil(t, c.GetStateEncoderBlockKey(otherIssuer)) diff --git a/test/integration/concierge_api_serving_certs_test.go b/test/integration/concierge_api_serving_certs_test.go index 8d08c6dc7..7b35390ae 100644 --- a/test/integration/concierge_api_serving_certs_test.go +++ b/test/integration/concierge_api_serving_certs_test.go @@ -150,7 +150,7 @@ func TestAPIServingCertificateAutoCreationAndRotation_Disruptive(t *testing.T) { // our code changes all the certs immediately thus this should be healthy fairly quickly // if this starts flaking, check for bugs in our dynamiccertificates.Notifier implementation testlib.RequireEventually(t, func(requireEventually *require.Assertions) { - for i := 0; i < 10; i++ { + for range 10 { _, err := conciergeClient.LoginV1alpha1().TokenCredentialRequests().Create(ctx, &loginv1alpha1.TokenCredentialRequest{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{}, diff --git a/test/integration/ldap_client_test.go b/test/integration/ldap_client_test.go index b7eeb10ce..7a4fac130 100644 --- a/test/integration/ldap_client_test.go +++ b/test/integration/ldap_client_test.go @@ -781,7 +781,7 @@ func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) { // without triggering the race detector. iterations := 150 resultCh := make(chan authUserResult, iterations) - for i := 0; i < iterations; i++ { + for range iterations { go func() { authUserCtx, authUserCtxCancelFunc := context.WithTimeout(context.Background(), 2*time.Minute) defer authUserCtxCancelFunc() @@ -794,7 +794,7 @@ func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) { } }() } - for i := 0; i < iterations; i++ { + for range iterations { result := <-resultCh // Record failures but allow the test to keep running so that all the background goroutines have a chance to try. assert.NoError(t, result.err) @@ -854,7 +854,7 @@ func findRecentlyUnusedLocalhostPorts(t *testing.T, howManyPorts int) []string { t.Helper() listeners := []net.Listener{} - for i := 0; i < howManyPorts; i++ { + for range howManyPorts { unusedPortGrabbingListener, err := net.Listen("tcp", "127.0.0.1:0") require.NoError(t, err) listeners = append(listeners, unusedPortGrabbingListener) diff --git a/test/integration/leaderelection_test.go b/test/integration/leaderelection_test.go index 1d9c42d8a..6d5a81a7a 100644 --- a/test/integration/leaderelection_test.go +++ b/test/integration/leaderelection_test.go @@ -170,7 +170,7 @@ func leaderElectionClients(t *testing.T, namespace *corev1.Namespace, leaseName clients := make(map[string]*kubeclient.Client, count) cancels := make(map[string]context.CancelFunc, count) - for i := 0; i < count; i++ { + for range count { identity := "leader-election-client-" + rand.String(5) clients[identity], cancels[identity] = leaderElectionClient(t, namespace, leaseName, identity) } diff --git a/test/integration/supervisor_federationdomain_status_test.go b/test/integration/supervisor_federationdomain_status_test.go index 454d19de2..82c213bc5 100644 --- a/test/integration/supervisor_federationdomain_status_test.go +++ b/test/integration/supervisor_federationdomain_status_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2023-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -929,7 +929,7 @@ func TestSupervisorFederationDomainCRDValidations_Parallel(t *testing.T) { // For the above tests, it should be enough to assume that there will only be indices up to 10. // This is useful when the only difference in the message between old and new is the missing indices. // Otherwise, use wantOldKubeErr to say what the expected message should be for old versions. - for i := 0; i < 10; i++ { + for i := range 10 { wantErr = strings.ReplaceAll(wantErr, fmt.Sprintf("[%d]", i), "") } } diff --git a/test/integration/supervisor_oidc_client_test.go b/test/integration/supervisor_oidc_client_test.go index 5a11746cd..0d0bc6ccb 100644 --- a/test/integration/supervisor_oidc_client_test.go +++ b/test/integration/supervisor_oidc_client_test.go @@ -533,7 +533,7 @@ func makeErrFix(reallyOld bool) []string { out := make([]string, 0, total*6) // good enough allocation // these servers do not show the actual index of where the error occurred - for i := 0; i < total; i++ { + for i := range total { idx := fmt.Sprintf("[%d]", i) out = append(out, idx+":", ":") out = append(out, idx+" ", " ") diff --git a/test/testlib/activedirectory.go b/test/testlib/activedirectory.go index d29d29838..885103a62 100644 --- a/test/testlib/activedirectory.go +++ b/test/testlib/activedirectory.go @@ -139,9 +139,9 @@ func LockADTestUser(t *testing.T, env *TestEnv, testUserName string) { // our password policy allows 20 wrong attempts before locking the account, so do 21. // these wrong password attempts could go to different domain controllers, but account // lockout changes are urgently replicated, meaning that the domain controllers will be - // synced asap rather than in the usual 15 second interval. + // synced asap rather than in the usual 15-second interval. // See https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961787(v=technet.10)#urgent-replication-of-account-lockout-changes - for i := 0; i <= 21; i++ { + for i := range 22 { err := conn.Bind(userDN, "not-the-right-password-"+fmt.Sprint(i)) require.Error(t, err) // this should be an error } From 5635d6c8629d2145441690479e1ae7c57d4e0621 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 8 May 2024 15:01:46 -0500 Subject: [PATCH 08/13] Enable 'fatcontext' linter and mark 'canonicalheader' as unusable --- .golangci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.golangci.yaml b/.golangci.yaml index acc6d576a..5b9d7f4ff 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -47,6 +47,8 @@ linters: - whitespace - copyloopvar - intrange + - fatcontext + # - canonicalheader Can't do this one since it alerts on valid headers such as X-XSS-Protection issues: exclude-rules: From aac48fc30828b75452f96049fb196f7cbe3d465f Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 8 May 2024 15:12:36 -0500 Subject: [PATCH 09/13] Enable 'spancheck' linter --- .golangci.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.golangci.yaml b/.golangci.yaml index 5b9d7f4ff..19eab2991 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -49,6 +49,7 @@ linters: - intrange - fatcontext # - canonicalheader Can't do this one since it alerts on valid headers such as X-XSS-Protection + - spancheck issues: exclude-rules: @@ -84,3 +85,9 @@ linters-settings: # Allow unused params that start with underscore. It can be nice to keep unused param names when implementing # an interface sometimes, to help readers understand why it is unused in that particular implementation. - allowRegex: "^_" + spancheck: + # https://golangci-lint.run/usage/linters/#spancheck + checks: + - end + - record-error + - set-status From 81f3acfa3889f47c718ad5020b3ca4f07dd5e13d Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 9 May 2024 10:01:51 -0500 Subject: [PATCH 10/13] Update some build tags since go1.22+ is now required --- cmd/pinniped/cmd/kubeconfig_test.go | 4 +-- .../jwtcachefiller/jwtcachefiller_test.go | 2 +- .../oidc_upstream_watcher_test.go | 9 +++---- internal/crypto/ptls/old.go | 14 ---------- internal/testutil/assertions.go | 26 +------------------ internal/testutil/tlsassertions/assertions.go | 10 ------- .../tlsassertions/assertions_before_go1.20.go | 10 ------- internal/upstreamldap/upstreamldap_test.go | 5 ++-- test/integration/ldap_client_test.go | 4 +-- 9 files changed, 12 insertions(+), 72 deletions(-) delete mode 100644 internal/crypto/ptls/old.go delete mode 100644 internal/testutil/tlsassertions/assertions.go delete mode 100644 internal/testutil/tlsassertions/assertions_before_go1.20.go diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go index 50acdf919..6d95fa565 100644 --- a/cmd/pinniped/cmd/kubeconfig_test.go +++ b/cmd/pinniped/cmd/kubeconfig_test.go @@ -1029,8 +1029,8 @@ func TestGetKubeconfig(t *testing.T) { } }, wantError: true, - wantStderr: func(issuerCABundle string, issuerURL string) testutil.RequireErrorStringFunc { - return testutil.WantX509UntrustedCertErrorString(fmt.Sprintf("Error: while fetching OIDC discovery data from issuer: Get \"%s/.well-known/openid-configuration\": %%s\n", issuerURL), "Acme Co") + wantStderr: func(_issuerCABundle string, issuerURL string) testutil.RequireErrorStringFunc { + return testutil.WantSprintfErrorString(`Error: while fetching OIDC discovery data from issuer: Get "%s/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority%s`, issuerURL, "\n") }, }, { diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go index d934f08b8..ca09c410b 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go @@ -1031,7 +1031,7 @@ func TestController(t *testing.T) { }, // no explicit logs, this is an issue of config, the user must provide TLS config for the // custom cert provided for this server. - wantSyncLoopErr: testutil.WantX509UntrustedCertErrorString(`could not perform oidc discovery on provider issuer: Get "`+goodIssuer+`/.well-known/openid-configuration": %s`, "Acme Co"), + wantSyncLoopErr: testutil.WantSprintfErrorString(`could not perform oidc discovery on provider issuer: Get "%s/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority`, goodIssuer), wantCacheEntries: 0, }, { diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index 614ee3afd..5810e272d 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -34,7 +34,6 @@ import ( "go.pinniped.dev/internal/testutil" "go.pinniped.dev/internal/testutil/oidctestutil" "go.pinniped.dev/internal/testutil/testlogger" - "go.pinniped.dev/internal/testutil/tlsassertions" "go.pinniped.dev/internal/testutil/tlsserver" "go.pinniped.dev/internal/upstreamoidc" ) @@ -597,11 +596,11 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, + `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ @@ -623,7 +622,7 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { LastTransitionTime: now, Reason: "Unreachable", Message: `failed to perform OIDC discovery against "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee": -Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority`, +Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority`, }, }, }, diff --git a/internal/crypto/ptls/old.go b/internal/crypto/ptls/old.go deleted file mode 100644 index 0848df7d3..000000000 --- a/internal/crypto/ptls/old.go +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -//go:build !go1.19 - -package ptls - -func init() { - // cause compile time failure if an older version of Go is used - `Pinniped's TLS configuration makes assumptions about how the Go standard library implementation of TLS works. -It particular, we rely on the server controlling cipher suite selection. For these assumptions to hold, Pinniped -must be compiled with Go 1.19+. If you are seeing this error message, your attempt to compile Pinniped with an -older Go compiler was explicitly failed to prevent an unsafe configuration.` -} diff --git a/internal/testutil/assertions.go b/internal/testutil/assertions.go index 910ef022c..ec4211c1d 100644 --- a/internal/testutil/assertions.go +++ b/internal/testutil/assertions.go @@ -1,4 +1,4 @@ -// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package testutil @@ -16,8 +16,6 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/selection" v1 "k8s.io/client-go/kubernetes/typed/core/v1" - - "go.pinniped.dev/internal/testutil/tlsassertions" ) func RequireTimeInDelta(t *testing.T, t1 time.Time, t2 time.Time, delta time.Duration) { @@ -179,25 +177,3 @@ func WantMatchingErrorString(wantErrRegexp string) RequireErrorStringFunc { require.Regexp(t, wantErrRegexp, actualErrorStr) } } - -// WantX509UntrustedCertErrorString can be used to set up an expected value for an error string in a test table. -// expectedErrorFormatString must contain exactly one formatting verb, which should usually be %s, which will -// be replaced by the platform-specific X509 untrusted certs error string and then compared against expectedCommonName. -func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expectedCommonName string) RequireErrorStringFunc { - // Starting in Go 1.18.1, and until it was fixed in Go 1.19.5, Go on MacOS had an incorrect error string. - // We don't care which error string was returned, as long as it is either the normal error string from - // the Go x509 library, or the error string that was accidentally returned from the Go x509 library in - // those versions of Go on MacOS which had the bug. - return func(t *testing.T, actualErrorStr string) { - // This is the MacOS error string starting in Go 1.18.1, and until it was fixed in Go 1.19.5. - macOSErr := fmt.Sprintf(`x509: ā€œ%sā€ certificate is not trusted`, expectedCommonName) - // This is the normal Go x509 library error string. - standardErr := `x509: certificate signed by unknown authority` - allowedErrorStrings := []string{ - fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTLSErrorPrefix()+macOSErr), - fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTLSErrorPrefix()+standardErr), - } - // Allow either. - require.Contains(t, allowedErrorStrings, actualErrorStr) - } -} diff --git a/internal/testutil/tlsassertions/assertions.go b/internal/testutil/tlsassertions/assertions.go deleted file mode 100644 index e9fc3187b..000000000 --- a/internal/testutil/tlsassertions/assertions.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -//go:build go1.20 - -package tlsassertions - -func GetTLSErrorPrefix() string { - return "tls: failed to verify certificate: " -} diff --git a/internal/testutil/tlsassertions/assertions_before_go1.20.go b/internal/testutil/tlsassertions/assertions_before_go1.20.go deleted file mode 100644 index ce94fc07b..000000000 --- a/internal/testutil/tlsassertions/assertions_before_go1.20.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -//go:build !go1.20 - -package tlsassertions - -func GetTLSErrorPrefix() string { - return "" -} diff --git a/internal/upstreamldap/upstreamldap_test.go b/internal/upstreamldap/upstreamldap_test.go index c8308f96a..f7cdcadbe 100644 --- a/internal/upstreamldap/upstreamldap_test.go +++ b/internal/upstreamldap/upstreamldap_test.go @@ -28,7 +28,6 @@ import ( "go.pinniped.dev/internal/federationdomain/upstreamprovider" "go.pinniped.dev/internal/mocks/mockldapconn" "go.pinniped.dev/internal/testutil" - "go.pinniped.dev/internal/testutil/tlsassertions" "go.pinniped.dev/internal/testutil/tlsserver" ) @@ -2414,7 +2413,7 @@ func TestRealTLSDialing(t *testing.T) { caBundle: caForTestServerWithBadCertName.Bundle(), connProto: TLS, context: context.Background(), - wantError: testutil.WantExactErrorString(fmt.Sprintf(`LDAP Result Code 200 "Network Error": %sx509: certificate is valid for 10.2.3.4, not 127.0.0.1`, tlsassertions.GetTLSErrorPrefix())), + wantError: testutil.WantExactErrorString(`LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate is valid for 10.2.3.4, not 127.0.0.1`), }, { name: "invalid CA bundle with TLS", @@ -2454,7 +2453,7 @@ func TestRealTLSDialing(t *testing.T) { caBundle: nil, connProto: TLS, context: context.Background(), - wantError: testutil.WantX509UntrustedCertErrorString(`LDAP Result Code 200 "Network Error": %s`, "Acme Co"), + wantError: testutil.WantExactErrorString(`LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate signed by unknown authority`), }, { name: "cannot connect to host", diff --git a/test/integration/ldap_client_test.go b/test/integration/ldap_client_test.go index 7a4fac130..e6d97326d 100644 --- a/test/integration/ldap_client_test.go +++ b/test/integration/ldap_client_test.go @@ -560,7 +560,7 @@ func TestLDAPSearch_Parallel(t *testing.T) { username: "pinny", password: pinnyPassword, provider: upstreamldap.New(*providerConfig(func(p *upstreamldap.ProviderConfig) { p.CABundle = nil })), - wantError: testutil.WantX509UntrustedCertErrorString(fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": %%s`, ldapsLocalhostPort), "Pinniped Test"), + wantError: testutil.WantSprintfErrorString(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate signed by unknown authority`, ldapsLocalhostPort), }, { name: "when the CA bundle does not cause the host to be trusted with StartTLS", @@ -571,7 +571,7 @@ func TestLDAPSearch_Parallel(t *testing.T) { p.ConnectionProtocol = upstreamldap.StartTLS p.CABundle = nil })), - wantError: testutil.WantX509UntrustedCertErrorString(fmt.Sprintf(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": TLS handshake failed (%%s)`, ldapLocalhostPort), "Pinniped Test"), + wantError: testutil.WantSprintfErrorString(`error dialing host "127.0.0.1:%s": LDAP Result Code 200 "Network Error": TLS handshake failed (tls: failed to verify certificate: x509: certificate signed by unknown authority)`, ldapLocalhostPort), }, { name: "when trying to use TLS to connect to a port which only supports StartTLS", From 47de5118f2bc88d0f74e183639ca9ba01462d298 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 10 May 2024 09:05:17 -0500 Subject: [PATCH 11/13] Remove deprecated .golangci.yaml options --- .golangci.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 19eab2991..4aa0ac499 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,8 +1,6 @@ -# https://github.com/golangci/golangci-lint#config-file +# https://golangci-lint.run/usage/configuration/ run: - deadline: 1m - skip-dirs: - - generated + timeout: 1m linters: disable-all: true @@ -52,6 +50,8 @@ linters: - spancheck issues: + exclude-dirs: + - generated exclude-rules: # exclude tests from some rules for things that are useful in a testing context. - path: _test\.go From cba26c92f566eab65435ead2cf7ad06bcde74134 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 10 May 2024 13:12:00 -0500 Subject: [PATCH 12/13] Remove with_modules from hack/module.sh --- hack/module.sh | 57 +++++++++++++------------------------------------- 1 file changed, 15 insertions(+), 42 deletions(-) diff --git a/hack/module.sh b/hack/module.sh index d4843f567..17f83976b 100755 --- a/hack/module.sh +++ b/hack/module.sh @@ -7,43 +7,6 @@ set -euo pipefail ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -function tidy_cmd() { - local version="$(cat "${ROOT}/go.mod" | grep '^go ' | cut -f 2 -d ' ')" - echo "go mod tidy -v -go=${version} -compat=${version}" -} - -function test_cmd() { - echo "go test -count 1 -race ./..." -} - -function unittest_cmd() { - echo "go test -short -race ./..." -} - -function with_modules() { - local cmd_function="${1}" - cmd="$(${cmd_function})" - - # start the cache mutation detector by default so that cache mutators will be found - local kube_cache_mutation_detector="${KUBE_CACHE_MUTATION_DETECTOR:-true}" - - # panic the server on watch decode errors since they are considered coder mistakes - local kube_panic_watch_decode_error="${KUBE_PANIC_WATCH_DECODE_ERROR:-true}" - - env_vars="KUBE_CACHE_MUTATION_DETECTOR=${kube_cache_mutation_detector} KUBE_PANIC_WATCH_DECODE_ERROR=${kube_panic_watch_decode_error}" - - pushd "${ROOT}" >/dev/null - for mod_file in $(find . -maxdepth 4 -not -path "./generated/*" -name go.mod | sort); do - mod_dir="$(dirname "${mod_file}")" - ( - echo "=> " - echo " cd ${mod_dir} && ${env_vars} ${cmd}" - cd "${mod_dir}" && env ${env_vars} ${cmd} - ) - done - popd >/dev/null -} - function usage() { echo "Error: must be specified" echo " module.sh [tidy, lint, test, unittest]" @@ -51,9 +14,18 @@ function usage() { } function main() { + pushd "${ROOT}" > /dev/null + + # start the cache mutation detector by default so that cache mutators will be found + local kube_cache_mutation_detector="${KUBE_CACHE_MUTATION_DETECTOR:-true}" + + # panic the server on watch decode errors since they are considered coder mistakes + local kube_panic_watch_decode_error="${KUBE_PANIC_WATCH_DECODE_ERROR:-true}" + case "${1:-invalid}" in 'tidy') - with_modules 'tidy_cmd' + local version="$(cat "${ROOT}/go.mod" | grep '^go ' | cut -f 2 -d ' ')" + go mod tidy -v -go=${version} -compat=${version} ;; 'lint' | 'linter' | 'linters') golangci-lint --version @@ -73,11 +45,10 @@ function main() { golangci/golangci-lint:$lint_version \ ./hack/module.sh lint ;; - 'test' | 'tests') - with_modules 'test_cmd' - ;; 'unittest' | 'unittests' | 'units' | 'unit') - with_modules 'unittest_cmd' + KUBE_CACHE_MUTATION_DETECTOR=${kube_cache_mutation_detector} \ + KUBE_PANIC_WATCH_DECODE_ERROR=${kube_panic_watch_decode_error} \ + go test -short -race ./... ;; *) usage @@ -86,6 +57,8 @@ function main() { echo "=> " echo " \"module.sh $1\" Finished successfully." + + popd > /dev/null } main "$@" From 5568372bb99d2c9fe0bd365cb9354fd41525a60d Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 10 May 2024 13:27:15 -0500 Subject: [PATCH 13/13] Do not use v for the version prefix in lint-version.txt --- hack/install-linter.sh | 8 +++----- hack/lib/lint-version.txt | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/hack/install-linter.sh b/hack/install-linter.sh index 1c942acdf..e0671fb7e 100755 --- a/hack/install-linter.sh +++ b/hack/install-linter.sh @@ -11,14 +11,12 @@ cd "${ROOT}" # Print the Go version. go version -lint_version=$(cat hack/lib/lint-version.txt) +lint_version="v$(cat hack/lib/lint-version.txt)" -echo "Will install golangci-lint@${lint_version}" +echo "Installing golangci-lint@${lint_version}" -# Install the same version of the linter that is used in the CI pipelines +# Install the same version of the linter that the pipelines will use # so you can get the same results when running the linter locally. -# Whenever the linter is updated in the CI pipelines, it should also be -# updated here to make local development more convenient. go install -v "github.com/golangci/golangci-lint/cmd/golangci-lint@${lint_version}" golangci-lint --version diff --git a/hack/lib/lint-version.txt b/hack/lib/lint-version.txt index 1c55d0483..69478d187 100644 --- a/hack/lib/lint-version.txt +++ b/hack/lib/lint-version.txt @@ -1 +1 @@ -v1.58.1 +1.58.1